wegga
New Contributor

Use Virtual Server as System DNS - Possible?

Hello Fortinet Community! I'm experimenting with a 40F Gate and was wondering if this is even a feasible idea.

I'd like to create a Virtual Server with 3 x Public DNS Servers behind it (as an example). Then I'd like to set the System DNS to that of the Virtual Server. Then under my "internal" interface with DHCP enabled, I'd like to set the clients to use the "Same as Interface IP" which points to the gate. Is this a viable approach or am I overcomplicating it?

jintrah_FTNT
Staff

Hi,

Yes on the feasibility, but it is simply an overcomplicated design.

Best regards,

Jin

Raghu_Kumar
Staff

Hello Wegga,

Using a Virtual Server as the system DNS in a FortiGate (such as the 40F model) is technically feasible but might not be the most efficient approach. Here’s how it could work and some considerations:

  1. Virtual Server Setup: You can configure a Virtual Server on your FortiGate with three public DNS servers behind it. This Virtual Server will distribute DNS requests to the backend DNS servers.

  2. System DNS: You could then set the FortiGate’s system DNS to the IP address of this Virtual Server.

  3. DHCP Configuration: Under the internal interface with DHCP enabled, you can set the clients to use “Same as Interface IP,” which points to the FortiGate. The FortiGate would forward DNS requests to the Virtual Server.

Considerations:

  • Load Balancing: FortiGate will load balance DNS queries across the configured DNS servers, but you might face issues like slight delays or additional complexity in configuration.

  • Redundancy: If the Virtual Server or any backend DNS server fails, you need to ensure that failover is correctly configured to avoid DNS resolution issues.

  • Overcomplication: For most setups, directly configuring the DNS servers in the System DNS settings or using FortiGate’s DNS server capabilities might be simpler and more reliable.

This setup is possible, but it might be overcomplicating the DNS resolution process when simpler solutions are available. It’s often better to directly configure trusted DNS servers in the System DNS settings for efficiency and simplicity.

Raghuram Kumar
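
The simpler alternative recommended in the reply above, sketched as FortiOS CLI. This is an added example, not part of the original thread; the interface name "internal", DHCP server ID 1 and the two resolver addresses are assumptions to replace with your own.

```fortios
# Assumed values: resolver addresses, interface "internal", DHCP server ID 1.

# FortiGate's own resolvers (System DNS), with no Virtual Server in the path.
config system dns
    set primary 1.1.1.1
    set secondary 9.9.9.9
end

# Answer client queries on the internal interface and forward them
# to the System DNS servers configured above.
config system dns-server
    edit "internal"
        set mode forward-only
    next
end

# DHCP hands out the interface IP as the clients' DNS server
# (the GUI option "Same as Interface IP").
config system dhcp server
    edit 1
        set interface "internal"
        set dns-service local
    next
end
```

With this layout the FortiGate is the single point where client DNS traffic can be logged and filtered, and the primary/secondary pair provides the failover that the Virtual Server design would need health checks to achieve.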