fortigate - forward all network traffic through specific dns server

Author
Yogev
2019/09/19 00:57:02 (permalink)

Hello,

I would like to forward all DNS queries on my network through a safer DNS server like 9.9.9.9. This is the current configuration: my DHCP server is the FortiGate, and it is directed to a DNS server on my network. I would like to keep the DNS server as it is, but instead of sending the queries to my ISP's DNS server I want them to go through the Quad9 DNS server.
Any ideas?
#1


    ede_pfau
    Re: fortigate - forward all network traffic through specific dns server 2019/09/19 04:25:14 (permalink)
    Create a VIP which redirects (destination NAT) your ISP's DNS address to quad9.
    external address: 1.2.3.4 (your ISP's DNS)
    mapped-to: 9.9.9.9
     
    no port forwarding.
     
    Then, create a policy
    from LAN
    to WAN
    src addr LAN/24
    dest addr: this_VIP
    service: DNS
     
    and query with "nslookup" from a host.
    I use this to reduce NTP queries by redirecting them to the FGT LAN interface, and using the FGT as NTP server. Sometimes this is easier than walking around and changing so many devices...

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #2
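
The VIP and policy described in the reply above, written out as FortiOS CLI. This is an added example, not part of the original posts: the object names, the interface names (`lan`, `wan1`) and the LAN subnet are assumptions, and 1.2.3.4 is the reply's placeholder for the ISP's DNS address.

```text
# Added example. Names, interfaces and subnet are assumptions; adjust to your unit.

# Destination NAT: traffic addressed to the ISP resolver is sent to Quad9 instead.
config firewall vip
    edit "dns-to-quad9"
        set extip 1.2.3.4
        set extintf "any"
        set mappedip "9.9.9.9"
    next
end

# Address object for the LAN (assumed subnet).
config firewall address
    edit "LAN_24"
        set subnet 192.168.1.0 255.255.255.0
    next
end

# Policy from LAN to WAN that matches only DNS sent to the VIP.
# No port forwarding is configured on the VIP; the DNS service object limits the match.
config firewall policy
    edit 0
        set name "redirect-dns-to-quad9"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "LAN_24"
        set dstaddr "dns-to-quad9"
        set action accept
        set schedule "always"
        set service "DNS"
        set nat enable
    next
end
```

To check the result from a LAN host, run `nslookup <name> 1.2.3.4` and confirm on the FortiGate (forward traffic log or session list) that the session's destination was translated to 9.9.9.9.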