Gerk
New Contributor

DNS Proxy / Redirection based on (wildcard) domainname

Hi all,

 

I want to configure the following:

Use the Fortigate as DNS server.

When a user enters a specific text (e.g. acceptance.location) in the URL/domain, like 'test.acceptance.location.company.com', I want the DNS request forwarded to a group of DNS servers (1.1.1.1/1.1.1.2/1.1.1.3).

When a user enters a specific text (e.g. production.location) in the URL/domain, like 'test.production.location.company.com', I want the DNS request forwarded to a group of DNS servers (2.2.2.1/2.2.2.2/2.2.2.3).

 

Is this possible on our Fortigate V6.0.0?

 

Kind regards,

 

Gerk

5 REPLIES
Gerk
New Contributor

Hi all,

 

No one got a clue if this works or how to solve this?

 

Thanks!

Gerk

rwpatterson
Valued Contributor III

As far as I am aware, this is done on the DNS server with zones. I'm not aware of any mechanism on a Fortigate that would do this. One DNS server would forward requests to the second. (actually it would act as a slave and use records from the primary)

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

sw2090
Honored Contributor

If a DNS is not authoritative for a domain (i.e. it does not have a zone for it at all) it will ask the root DNS servers who is authoritative and then forward the request to it. This is standard DNS protocol.

If the root DNS don't know that domain too, it will state "NXDOMAIN" (i.e. doesn't exist/cannot be resolved).

 

If it is authoritative (i.e. it has a zone for the domain) it will use the information in its zone to resolve it.

FortiGate's DNS Server can manage zones.

 

However you cannot afaik forward DNS Traffic specific for a domain. DNS Forward will only forward all.

Maybe you could do it with a policy that only allows DNS for domain #1 to the correct server. But I never tried that, so not sure if it would work...

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Gerk
New Contributor

Hi all,

Thanks for your answers.

This seems to be what I'm looking for:

DNS Request Routing - https://community.sophos.com/kb/en-us/123099

 

Thanks!

 

Gerk

 

 

 

sw2090
Honored Contributor

Yes, it probably is. I'm just not sure if this is supported by FortiOS...

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
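
The per-domain DNS request routing asked about in this thread, as an added example (not part of any post, and not FortiOS or Sophos code): a forwarder group is chosen by the longest label-aligned suffix match rather than a substring test. The server groups are the ones from the question; the full suffixes under company.com and the default forwarder 192.0.2.53 are assumptions.

```python
# Added example: forwarder selection for per-domain DNS request routing.
# Server groups are taken from the question; the suffix rules and
# DEFAULT_FORWARDERS (RFC 5737 documentation address) are constructed.

ROUTES = {
    "acceptance.location.company.com": ["1.1.1.1", "1.1.1.2", "1.1.1.3"],
    "production.location.company.com": ["2.2.2.1", "2.2.2.2", "2.2.2.3"],
}
DEFAULT_FORWARDERS = ["192.0.2.53"]


def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    name = name.strip().rstrip(".").lower()
    parts = name.split(".") if name else []
    if any(p == "" or len(p) > 63 for p in parts):
        raise ValueError(f"malformed DNS name: {name!r}")
    return parts


def select_forwarders(qname, routes=ROUTES, default=DEFAULT_FORWARDERS):
    """Return (matched_suffix, servers); the longest matching suffix wins."""
    q = labels(qname)
    best, best_len = None, 0
    for suffix in routes:
        s = labels(suffix)
        # Compare whole labels from the right, so "testacceptance..." never
        # matches the "acceptance..." rule the way a substring test would.
        if len(s) <= len(q) and q[len(q) - len(s):] == s and len(s) > best_len:
            best, best_len = suffix, len(s)
    return (best, routes[best]) if best else (None, default)


if __name__ == "__main__":
    # Constructed sample queries.
    for qname in (
        "test.acceptance.location.company.com",
        "TEST.Production.Location.Company.COM.",
        "testacceptance.location.company.com",          # not label-aligned
        "acceptance.location.company.com.example.net",  # rule text not at the end
    ):
        rule, servers = select_forwarders(qname)
        print(f"{qname:45} -> {rule or 'default'}: {', '.join(servers)}")
```

Names that match no rule fall through to the default forwarders, so a lookalike name that only contains the rule text is never sent to the internal server groups.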