Created on ‎12-27-2019 12:09 AM Edited on ‎03-21-2024 11:30 PM By Jean-Philippe_P
Description
This article describes how to configure DDNS update override in FortiGate DHCP server.
Solution
FortiGate can update a record in local DNS server enabling dynamic updates with DDNS update override option in FortiGate DHCP server.
Note:
Dynamic update for PTR records is not supported with this option.
config system dhcp server
edit 0
set ddns-update enable
set ddns-update_override enable
set ddns-server-ip 10.165.0.84 # ddns_server_ip
set domain fortitest.com # ddns_zone (only if running FOS 6.4+)
set ddns-zone fortitest.com # ddns_zone
next
end
In this example, FortiGate has 10.165.0.83 as a DHCP server.
Windows 2016 server has 10.165.0.84 as a DDNS server.
A test client machine has 10.165.0.57 and will be updated with a DDNS update from the DHCP server.
Change the option for Dynamic Updates to 'Nonsecure and secure'.
The reason behind this is that Microsoft DNS Server does not support the TSIG authentication protocol, and it supports only the GSS-TSIG protocol.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.