DNS Proxy / Redirection based on (wildcard) domainname

Author
Gerk
2018/08/14 05:06:54

Hi all,
 
I want to configure the following:
Use the Fortigate as DNS server.
When a user enters a specific text (e.g. acceptance.location) in the URL/Domain like 'test.acceptance.location.company.com', I want the DNS request forwarded to a group of DNS servers (1.1.1.1/1.1.1.2/1.1.1.3).
When a user enters a specific text (e.g. production.location) in the URL/Domain like 'test.production.location.company.com', I want the DNS request forwarded to a group of DNS servers (2.2.2.1/2.2.2.2/2.2.2.3).
 
Is this possible on our Fortigate V6.0.0?
 
Kind regards,
 
Gerk
#1


    Gerk
    Re: DNS Proxy / Redirection based on (wildcard) domainname 2018/08/16 05:44:40
    Hi all,
     
    No one got a clue if this works or how to solve this?
     
    Thanks!
    Gerk
    #2
    rwpatterson
    Re: DNS Proxy / Redirection based on (wildcard) domainname 2018/08/16 07:09:00
    As far as I am aware, this is done on the DNS server with zones. I'm not aware of any mechanism on a Fortigate that would do this. One DNS server would forward requests to the second. (actually it would act as a slave and use records from the primary)

    -Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    -4.3.19-b0694
    FWF60B
    FWF80CM (4)
    FWF81CM (2)
     
    #3
    sw2090
    Re: DNS Proxy / Redirection based on (wildcard) domainname 2018/08/16 23:18:07
    If a DNS is not authoritative for a domain (i.e. it does not have a zone for it at all) it will ask the root DNS servers who is authoritative and then forward the request to it. This is standard DNS protocol.
    If the root DNS don't know that domain too it will state "NXDOMAIN" (i.e. doesn't exist/cannot be resolved).
     
    If it is authoritative (i.e. it has a zone for the domain) it will use the information in its zone to resolve it.
    FortiGate's DNS Server can manage zones.
     
    However you cannot afaik forward DNS traffic specific for a domain. DNS Forward will only forward all.
    Maybe you could do it with a policy that only allows DNS for domain #1 to the correct server. But I never tried that, so not sure if it would work...
    #4
    Gerk
    Re: DNS Proxy / Redirection based on (wildcard) domainname 2018/08/17 05:43:31
    Hi all,

    Thanks for your answers.
    This seems to be what I'm looking for:
    DNS Request Routing - https://community.sophos.com/kb/en-us/123099 
    Thanks!
     
    Gerk
    #5
    sw2090
    Re: DNS Proxy / Redirection based on (wildcard) domainname 2018/08/17 06:00:45
    Yes, it probably is. Am just not sure if this is supported by FortiOS...
    #6
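
The per-domain forwarding asked about in this thread comes down to picking a forwarder group by the longest zone suffix that matches on whole labels. The sketch below is an added example, not part of any post and not FortiOS or Sophos code; the zone names are derived from the question, and the default resolver 192.0.2.53 and all function names are assumptions.

```python
# Added illustration: label-aware, longest-suffix selection of a forwarder group.
# Zones come from the question; DEFAULT_FORWARDERS (192.0.2.53) is a constructed
# placeholder from the documentation address range.

ROUTES = {
    "acceptance.location.company.com": ["1.1.1.1", "1.1.1.2", "1.1.1.3"],
    "production.location.company.com": ["2.2.2.1", "2.2.2.2", "2.2.2.3"],
}
DEFAULT_FORWARDERS = ["192.0.2.53"]


def _labels(name):
    """Lower-case a DNS name, drop the trailing root dot, split into labels."""
    name = name.strip().rstrip(".").lower()
    return name.split(".") if name else []


def select_forwarders(qname, routes=ROUTES, default=DEFAULT_FORWARDERS):
    """Return (matched_zone, forwarders) for a query name.

    A zone matches only on whole labels, so a lookalike such as
    'notacceptance.location.company.com' is not sent to the acceptance
    resolvers. The most specific (longest) matching zone wins, and a
    name with no match falls through to the default group.
    """
    q = _labels(qname)
    best_zone, best_len = None, 0
    for zone in routes:
        z = _labels(zone)
        if z and len(z) <= len(q) and q[-len(z):] == z and len(z) > best_len:
            best_zone, best_len = zone, len(z)
    if best_zone is None:
        return None, list(default)
    return best_zone, list(routes[best_zone])


if __name__ == "__main__":
    for name in ("test.acceptance.location.company.com",
                 "test.production.location.company.com",
                 "notacceptance.location.company.com"):
        print(name, "->", select_forwarders(name))
```

Matching on labels rather than on a raw substring keeps internal names from leaking to the wrong resolver group and keeps lookalike names out of the internal ones.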