Solved

Server DNS Forwarder - Validating Error

Posted on 2014-04-22
Last Modified: 2014-05-05
Hi,

Just checking: is it the norm if my ISP DNS cannot be validated but it can return the server FQDN successfully? See picture below.

[Image: DNS Forwarder]

I have 2 ISP static fibre broadband connections. The first one is provided by Singtel and the other one by Starhub.

When my server is connected to the internet via Singtel, it can validate the Singtel DNS with no problem but is not able to validate the DNS provided by Starhub.

If my server is connected to the internet via Starhub, it can validate both the Starhub and Singtel DNS with no problem.

Does it have anything to do with my Fortigate 100D Firewall?
Question by: hlmarine
4 Comments
 
LVL 19

Accepted Solution

by:
Miguel Angel Perez Muñoz earned 500 total points
ID: 40014202
Some ISPs block some external traffic for "security reasons". I have a case in Mexico: Telmex blocks SMTP traffic for all DSL clients; the only way is to use the SMTP relay provided by the ISP. Ask your ISP to resolve your question.
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 40014269
In your scenario, when you have a FortiGate 100D firewall, why are you pointing forwarders to DNS...

The best practice is to terminate both networks on the FortiGate and create a LAN; on the LAN, add your local DNS and the interface with DNS round robin... so the external DNS requests will go through the FortiGate, which will scan the network packets reaching your network over the internet.

Anyhow...

Check pinging both DNS IPs from the DNS server...

If they are not pinging, check the ICMP settings and firewall settings on the FortiGate.

Author Comment

by:hlmarine
ID: 40014417
Hi Shaik,

Do you mean under my Fortigate DNS, I set the Primary DNS for Singtel and Secondary DNS for Starhub?
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 40014489
Let me explain...

In the most common scenarios, maybe in your scenario, the FortiGate 100D will act as the default gateway.

On the FortiGate you have terminated the internet connection from Singtel on one port, and the Starhub link on another port of the FortiGate 100D.

On the FortiGate 100D you have one or more LAN ports configured for LAN access.

In this scenario all local LAN DNS traffic is pointing to your AD DNS or domain DNS...
That's fine...

And internet traffic from both ports is NATed to your network.

If this is your scenario...

The FortiGate 100D has a built-in DNS forwarding feature; there is no need to set up the DNS forwarder on the DNS server.

All the requests are going through the gateway, so let the gateway decide... and it's the best practice for security reasons...

Check the guide for the setup:

http://kb.fortinet.com/kb/documentLink.do?externalID=FD32065

all the best