Hot!Best practises DNS over IPSEC with Fall Back to public DNS

Author
Steffen
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2021/10/12 01:44:11
  • Status: offline
2021/10/14 11:01:41 (permalink)
0

Best practises DNS over IPSEC with Fall Back to public DNS

Hello all,
 
we have a Fortigate F61 and this firewall is planned for a small business location with 10 users. The DNS servers are located in the headquarters and the small site is connected to the main site via IPSec. Is there a best practice way to have DNS over Ipsec and still have the internet working in the event of a failure?
 
Many thanks for the help!

Attached Image(s)

#1

2 Replies Related Threads

    emnoc
    Expert Member
    • Total Posts : 6224
    • Scores: 435
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Best practises DNS over IPSEC with Fall Back to public DNS 2021/10/14 13:08:25 (permalink)
    0
    Yeah run a local dns-server if 100% business connectivity is require. if you run it over ipsec and do not have any redundancy you would be jacked to say the least.
     
    A local cache-only might be suitable and achieve some form of redundant opeartion.
     
    Ken Felix

    PCNSE 
    NSE 
    StrongSwan  
    #2
    Steffen
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2021/10/12 01:44:11
    • Status: offline
    Re: Best practises DNS over IPSEC with Fall Back to public DNS 2021/10/15 01:46:23 (permalink)
    0
    Hello Ken, thanks for your answer.
     
    unfortunately, there won't be a dns server in the secondary site. There is not enough place and no IT-staff.

    Which configuration would still be good for our situation? Can you recommend one to me?
     
     
    #3
    Jump to:
    © 2021 APG vNext Commercial Version 5.5