Which DNS settings make more sense? Passthrough FortiGate or configure DNS server?
DNS resolving at a client's site is currently as follows:
Windows Client --> AD (samba) --> dnsmasq --> ISP DNS
Currently dnsmasq is running on a Linux cluster that doubles as firewall/router between the local LAN and the external network.
We are going to replace the Linux cluster's firewall/router capabilities with a FortiGate.
There are two variants for DNS in this new setting (the client's requirements are to still have a dnsmasq server):
Windows Client --> AD (samba) --> dnsmasq --> (passthrough FortiGate) --> ISP DNS
Windows Client --> AD (samba) --> dnsmasq --> (FortiGate as DNS server, recursive) --> ISP DNS
Does it make sense to use the FortiGate as a DNS server in this setup?
dnsmasq will be moved to another cluster anyway and will still be there.