Question/Problem Description
I do a lot of VMware VCSA upgrades for customers, the process fails if there is no DNS resolution of the FQDN during the upgrade process. I tried to fix the problem by creating host records (typically we don’t have access to the client’s DNS servers that run in the virtual environment). I had thought (wrongly) that it simply needed to lookup the FQDN, but I’m told it also needs to do a reverse lookup (locate a PTR record).
We could of course just spin up either a Windows server and put DNS on it, or a Linux BIND server, but what if we could use the firewall? With Cisco this is a non-starter, but what about the clients that have FortiGate?
Solution
Step 1: By default the feature isn’t enabled, you need to go to System > Feature Visibility > DNS Database. Enable it then click on the Apply button.
Step 2: Go to Network > DNS Servers. Click on the Create New button.
Step 3: Select the interface that will serve DNS queries then click on the OK button.
Step 4: Back at the min page under DNS Database > Create New > Give the zone a sensible name > Set the domain name. Click on the Create New button under the DNS Entries section.
Step 5: Create a host (A Record) that will point the FQDN to the correct IP address.
Step 6: Create a pointer (PTR Record) that will point the IP address back to the FQDN.
Step 7: Verify that the A record and PTR record are listed under the DNS Entries section, then click on the OK button.
Step 8: Perform testing from a client that’s connected to the Interface serving DNS requests.
