Hi,
I have configured the additional DNS Database feature and created a DNS Service on my softwareswitch following these instructions: https://kb.fortinet.com/kb/documentLink.do?externalID=FD49991
Would someone be able to clarify something for me? 2 questions:
1.) I guess for each interface (VLAN) I have to change this to 'Specify' and put in my FG IP address as the DNS server. However, does this replace the DNS settings I've configured in the FG or is it applied in addition?
2.) how is it applied to the VPN subnet?
thanks
Paul
Hello Paul,
Many thanks for your message.
The DNS database will not override the actual system DNS. You can actually see it as a recursive DNS database. As soon as you configure the FGT as DNS server, you can specify that all requests will be forwarded to the configured system DNS, or you can specify a recursive lookup. In the case of a recursive lookup, all requests will be sent to the system DNS apart from the configured DNS suffixes in the database. This means all requests for the internal domain "something.local" will be handled by the FGT, while all other requests will be forwarded to the system DNS.
[Client]----[FGT]----[DNS Server]
              |
    [Configured DNS Database for something.local]
Based on that information you would need to specify the FGT as DNS server for each VLAN, where you need recursive lookup.
For the question on VPN:
For IPsec and SSL VPN, the FortiGate cannot act as a DNS server on these virtual interfaces directly.
Instead, you would need to create a loopback interface on which the DNS service listens. To reach the loopback interface, you would need to create a route for the client and a firewall policy. Instead of a loopback interface, you could also do the same with the internal IP of a VLAN interface.
I hope this will help you for your design.
Best regards,
Mathias
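The design Mathias describes, written out as a FortiOS CLI configuration (an added example, not part of the original thread or of Fortinet's article): a DNS database for something.local served in recursive mode on a VLAN interface and on a loopback interface for VPN clients, plus the address object and policy that let SSL VPN tunnel users reach the loopback for DNS only. The interface names vlan10, loopback0 and ssl.root, the loopback address 10.255.255.1, the SSLVPN_TUNNEL_ADDR1 object and the fileserver record are assumptions.

```fortios
# Authoritative zone for the internal domain; all other names fall through to the system DNS
config system dns-database
    edit "something.local"
        set domain "something.local"
        set type master
        set view shadow
        set authoritative enable
        config dns-entry
            edit 1
                set type A
                set hostname "fileserver"
                set ip 10.10.10.20
            next
        end
    next
end
# Loopback that the DNS service listens on for IPsec/SSL VPN clients (assumed address)
config system interface
    edit "loopback0"
        set type loopback
        set ip 10.255.255.1 255.255.255.255
    next
end
# Recursive mode: something.local is answered locally, everything else is forwarded
config system dns-server
    edit "vlan10"
        set mode recursive
    next
    edit "loopback0"
        set mode recursive
    next
end
# Allow SSL VPN tunnel clients to reach the loopback for DNS only
config firewall address
    edit "loopback0-dns"
        set subnet 10.255.255.1 255.255.255.255
    next
end
config firewall policy
    edit 0
        set name "sslvpn-to-dns"
        set srcintf "ssl.root"
        set dstintf "loopback0"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "loopback0-dns"
        set action accept
        set schedule "always"
        set service "DNS"
    next
end
```

SSL VPN clients still need the loopback address inside their tunnel routes (split-tunnel routing address) and handed out as their resolver with `set dns-server1 10.255.255.1` under `config vpn ssl settings`; for IPsec dial-up clients the equivalent is the phase 2 selector and the tunnel's DNS options.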