About Split DNS; Configuring FortiGate DNS Services - Fortinet FortiGate Series Administration Manual
Configuring FortiGate DNS services

About split DNS

In a split DNS configuration you create a DNS database on the FortiGate unit, usually for host names on an internal network or for a local domain. When users on the internal network attempt to connect to these host names, the IP addresses are provided by the FortiGate unit DNS database. Host names that are not in the FortiGate unit DNS database are resolved by relaying the DNS lookup to an external DNS server.

A split DNS configuration can be used to give internal users access to resources on your private network that can also be accessed from the Internet. For example, you could have a public web server behind a FortiGate unit operating in NAT/Route mode. Users on the Internet access this web server through a port forwarding virtual IP, so the web server has a public IP address for Internet users. But you may want users on your internal network to access the server using its private IP address, to keep traffic from internal users off the Internet. To do this, you create a split DNS configuration on the FortiGate unit and add the host name of the server to the FortiGate DNS database, but include the internal IP address of the server instead of the external IP address. Because the FortiGate unit checks the FortiGate DNS database first, all DNS lookups for the server host name from the internal network will return the internal IP address of the server.

For an example of how to configure split DNS, see "To configure a split DNS configuration" on page 208.
This section provides a general procedure for configuring FortiGate DNS as well as
specific procedures for configuring a FortiGate interface to provide DNS services in
different ways.
General FortiGate DNS server configuration
1 Go to System > Network > Options and add the IP addresses of a Primary and Secondary DNS server.
These should be the DNS servers provided by your ISP or other public DNS servers. The FortiGate unit uses these DNS servers for its own DNS lookups, and they can also be used to supply DNS lookups for your internal networks. See "Configuring Networking Options" on page 204.
2 Go to System > Network > Interface and edit the interface connected to a network that you want the FortiGate unit to be a DNS server for.
3 Select Enable DNS Query.
When you select Enable DNS Query, the FortiGate unit relays all DNS queries received by this interface to the DNS servers configured under System > Network > Options. Select Recursive or Non-Recursive to control how this works.
recursive: Look up domain names in the FortiGate DNS database. If the entry is not found, relay the request to the DNS servers configured under System > Network > Options. Can be used for a split DNS configuration.
non-recursive: Look up domain names in the FortiGate DNS database. Do not relay the request to the DNS servers configured under System > Network > Options.
4 Go to System > Network > DNS Database and configure the FortiGate DNS database. Add zones and entries as required. See "Configuring the FortiGate DNS database" on page 208.
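The lookup order described in steps 1 to 4 (local DNS database first, then relay to the Options servers only in recursive mode), modelled as an added example. This is not FortiGate code; the zone "example.com", the private address 192.168.1.20, the public VIP 203.0.113.10 and the upstream answer table are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class SplitDnsServer:
    """Model of a FortiGate interface with Enable DNS Query selected."""
    # Local DNS database (System > Network > DNS Database): zone -> {host: ip}
    zones: dict = field(default_factory=dict)
    # Primary/Secondary servers (System > Network > Options), modelled as answer tables
    upstreams: list = field(default_factory=list)
    # Recursive relays unknown names upstream; Non-Recursive answers only from the database
    recursive: bool = True

    def _local_lookup(self, fqdn):
        name = fqdn.rstrip(".").lower()
        # Longest-suffix zone match: "www.example.com" belongs to zone "example.com"
        for zone in sorted(self.zones, key=len, reverse=True):
            if name == zone or name.endswith("." + zone):
                host = "@" if name == zone else name[: -len(zone) - 1]
                return self.zones[zone].get(host)
        return None

    def resolve(self, fqdn):
        ip = self._local_lookup(fqdn)
        if ip is not None:
            return ip  # The FortiGate DNS database is always checked first
        if not self.recursive:
            return None  # Non-recursive: never relay to the Options servers
        for upstream in self.upstreams:  # Primary, then Secondary
            ip = upstream.get(fqdn.rstrip(".").lower())
            if ip is not None:
                return ip
        return None


# Constructed data: the public resolver returns the port forwarding VIP for the web server
PUBLIC_DNS = {"www.example.com": "203.0.113.10", "example.net": "198.51.100.7"}
# The internal database maps the same host name to the server's private address
INTERNAL_ZONES = {"example.com": {"www": "192.168.1.20", "@": "192.168.1.20"}}


def internal_view(recursive=True):
    """Resolver as seen by clients on the internal interface."""
    return SplitDnsServer(INTERNAL_ZONES, [PUBLIC_DNS], recursive)
```

Internal clients get the private address for www.example.com while the same name on the Internet resolves to the VIP; with Non-Recursive selected, names outside the local database go unanswered rather than being relayed.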
FortiGate Version 4.0 MR1 Administration Guide
http://docs.fortinet.com/
System Network
01-410-89802-20090903