I do a lot of VMware VCSA upgrades for customers, and the process fails if there is no DNS resolution of the FQDN during the upgrade. I tried to fix the problem by creating host records (typically we don’t have access to the client’s DNS servers that run in the virtual environment). I had thought (wrongly) that it simply needed to look up the FQDN, but I’m told it also needs to do a reverse lookup (locate a PTR record).
We could of course just spin up either a Windows server with the DNS role installed, or a Linux BIND server, but what if we could use the firewall? With Cisco this is a non-starter, but what about the clients that have a FortiGate?
Step 1: By default the feature isn’t enabled. Go to System > Feature Visibility > DNS Database, enable it, then click on the Apply button.
Step 2: Go to Network > DNS Servers. Click on the Create New button.
Step 3: Select the interface that will serve DNS queries, then click on the OK button.
Step 4: Back at the main page, under DNS Database click Create New, give the zone a sensible name and set the domain name. Then click on the Create New button under the DNS Entries section.
Step 5: Create a host (A record) that points the FQDN to the correct IP address.
Step 6: Create a pointer (PTR record) that points the IP address back to the same FQDN. The name in the PTR record must match the A record exactly, otherwise the reverse lookup will return a different name and the upgrade check will still fail.
Step 7: Verify that the A record and PTR record are listed under the DNS Entries section, then click on the OK button.
Step 8: Perform testing from a client that is connected to the interface serving DNS requests and has that interface’s IP address configured as its DNS server. Test both directions: the FQDN must resolve to the IP address, and the IP address must resolve back to the FQDN.
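For the testing in step 8, here is a small pre-flight script (an added example, not from the original post or from Fortinet) that does the two lookups the post says the upgrade needs and reports whether they agree: the FQDN must resolve to the expected IP, and the IP must reverse-resolve to that same FQDN. Run with a name and address it uses the client's configured resolver, which is the FortiGate interface from step 8. With no arguments it runs against a constructed in-memory zone (`vcsa.lab.example.com` / `10.0.0.10` are made-up values) so you can see a passing case and a missing-PTR case offline.

```python
"""Forward/reverse DNS consistency check for a VCSA-style FQDN/IP pair.

Added example, not part of the original post. The hostname and address
used in the offline demo are constructed values, not real infrastructure.
"""
import ipaddress
import socket
import sys
from typing import Callable, Dict, List, Tuple

Resolver = Callable[[str], List[str]]


def reverse_name(ip: str) -> str:
    """Owner name the PTR record must live at (in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def stdlib_forward(fqdn: str) -> List[str]:
    """A/AAAA lookup via the OS resolver, i.e. the DNS server the client points at."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def stdlib_reverse(ip: str) -> List[str]:
    """PTR lookup via the OS resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + list(aliases)


def make_resolvers(a_records: Dict[str, str],
                   ptr_records: Dict[str, str]) -> Tuple[Resolver, Resolver]:
    """Constructed in-memory stand-in for the zone from steps 5 and 6.

    Lets the check run offline; it is not a DNS server. Keys of a_records are
    FQDNs, keys of ptr_records are IP addresses.
    """
    a = {k.rstrip(".").lower(): v for k, v in a_records.items()}

    def forward(fqdn: str) -> List[str]:
        v = a.get(fqdn.rstrip(".").lower())
        return [v] if v else []

    def reverse(ip: str) -> List[str]:
        v = ptr_records.get(ip)
        return [v] if v else []

    return forward, reverse


def check_fqdn(fqdn: str, ip: str,
               forward: Resolver = stdlib_forward,
               reverse: Resolver = stdlib_reverse) -> List[str]:
    """Return the list of problems found; an empty list means both lookups agree."""
    problems: List[str] = []
    fqdn = fqdn.rstrip(".").lower()

    addrs = forward(fqdn)
    if not addrs:
        problems.append(f"no A record for {fqdn}")
    elif ip not in addrs:
        problems.append(f"{fqdn} resolves to {addrs}, expected {ip}")

    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        problems.append(f"no PTR record at {reverse_name(ip)} for {ip}")
    elif fqdn not in names:
        problems.append(f"{ip} reverse-resolves to {names}, expected {fqdn}")
    return problems


def main(argv: List[str]) -> int:
    if len(argv) == 3:
        # Real check against whatever resolver the client is configured with.
        problems = check_fqdn(argv[1], argv[2])
    else:
        # Offline demo with a constructed zone: A record present, PTR missing.
        fwd, rev = make_resolvers({"vcsa.lab.example.com": "10.0.0.10"}, {})
        problems = check_fqdn("vcsa.lab.example.com", "10.0.0.10", fwd, rev)
    for p in problems:
        print("FAIL:", p)
    if not problems:
        print("OK: forward and reverse lookups agree")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Usage: `python3 check_dns.py vcsa.lab.example.com 10.0.0.10` from the client in step 8. A non-zero exit with a "no PTR record" line is the exact situation the post describes: the A record from step 5 alone is not enough, the PTR from step 6 has to be there too.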