Hello Fortinet Community! I'm experimenting with a 40F Gate and was wondering if this is even a feasible idea.
I'd like to create a Virtual Server with 3 x Public DNS Servers behind it (as an example). Then I'd like to set the System DNS to that of the Virtual Server. Then under my "internal" interface with DHCP enabled, I'd like to set the clients to use the "Same as Interface IP" which points to the gate. Is this a viable approach or am I overcomplicating it?
Hi,
Yes, on the feasibility but simply overcomplicated design.
Best regards,
Jin
Hello Wegga,
Using a Virtual Server as the system DNS in a FortiGate (such as the 40F model) is technically feasible but might not be the most efficient approach. Here’s how it could work and some considerations:
Virtual Server Setup: You can configure a Virtual Server on your FortiGate with three public DNS servers behind it. This Virtual Server will distribute DNS requests to the backend DNS servers.
System DNS: You could then set the FortiGate’s system DNS to the IP address of this Virtual Server.
DHCP Configuration: Under the internal interface with DHCP enabled, you can set the clients to use “Same as Interface IP,” which points to the FortiGate. The FortiGate would forward DNS requests to the Virtual Server.
Load Balancing: FortiGate will load balance DNS queries across the configured DNS servers, but you might face issues like slight delays or additional complexity in configuration.
Redundancy: If the Virtual Server or any backend DNS server fails, you need to ensure that failover is correctly configured to avoid DNS resolution issues.
Overcomplication: For most setups, directly configuring the DNS servers in the System DNS settings or using FortiGate’s DNS server capabilities might be simpler and more reliable.
This setup is possible, but it might be overcomplicating the DNS resolution process when simpler solutions are available. It’s often better to directly configure trusted DNS servers in the System DNS settings for efficiency and simplicity.
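The simpler alternative mentioned in the reply above, sketched as FortiOS CLI. This is an added example, not part of the original posts or Fortinet's own configuration; the resolver addresses are documentation placeholders, and the interface name "internal" and DHCP server ID 1 are assumptions to adjust to your own config.

```fortios
# System DNS: the upstream resolvers the FortiGate itself queries.
# 192.0.2.53 and 198.51.100.53 are placeholders; substitute the
# public resolvers you trust.
config system dns
    set primary 192.0.2.53
    set secondary 198.51.100.53
end

# DNS service on the LAN interface: answer client queries by
# forwarding them to the system DNS servers set above.
config system dns-server
    edit "internal"
        set mode forward-only
    next
end

# DHCP scope on the LAN: "local" is the CLI form of the GUI option
# "Same as Interface IP", so clients are handed the FortiGate's
# interface address as their DNS server.
config system dhcp server
    edit 1
        set interface "internal"
        set dns-service local
    next
end
```

With this in place, clients still point at the FortiGate for DNS, but there is no load-balancing virtual server or backend health check in the resolution path.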
Copyright 2024 Fortinet, Inc. All Rights Reserved.