Steffen
New Contributor

Best practices: DNS over IPsec with fallback to public DNS

Hello all,

We have a FortiGate F61, and this firewall is planned for a small business location with 10 users. The DNS servers are located in the headquarters, and the small site is connected to the main site via IPsec. Is there a best-practice way to have DNS over IPsec and still have the internet working in the event of a failure?

Many thanks for the help!

emnoc
Esteemed Contributor III

Yeah, run a local DNS server if 100% business connectivity is required. If you run it over IPsec and do not have any redundancy, you would be jacked, to say the least.

A local cache-only server might be suitable and achieve some form of redundant operation.

Ken Felix

PCNSE NSE StrongSwan
Steffen
New Contributor

Hello Ken, thanks for your answer.

Unfortunately, there won't be a DNS server at the secondary site. There is not enough space and no IT staff.

Which configuration would still be good for our situation? Can you recommend one to me?

 

 
