?
Solved

Server DNS Forwarder - Validating Error

Posted on 2014-04-22
4
Medium Priority
?
1,465 Views
Last Modified: 2014-05-05
Hi,

Just checking is it a norm if my ISP dns cannot be validated but it can return back the Server FQDN successfully. See picture below.

DNS Forwarder
I have 2 ISP static fibre broadband. First one is provide by Singtel and another one is Starhub.

When my server is connected to internet with the Singtel, it can validate the Singtel dns with no problem but will not be able to validate the dns provided by Starhub.

If my server is connected to internet with the Starhub, it can validate both Starhub and Singtel dns with no problem.

Does it have anything to do with my Fortigate 100D Firewall?
0
Comment
Question by:hlmarine
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 19

Accepted Solution

by:
Miguel Angel Perez Muñoz earned 1500 total points
ID: 40014202
Some ISP block some external traffic by "security reasons". I have a case on Mexico, Telmex blocks SMTP traffic to all DSL clients, only way is use SMTP relay provided by ISP. Ask to your ISP to resolve your question.
0
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 40014269
in your scenario when u have a fortigate 100 D firewall why are u pointing forwarders to dns...

the best practice is terminate both  networks on fortigate and create lan on lan add your local DNS and the interface with DNS round robins... so the external dns request will go through  the fortigate... which will scan the network packets reaching to your network over internet.


any how..

check the pinging of both dns ip's from the DNS server...

if not pinging check the icmp setting and firewall setting in the fortigate..
0
 

Author Comment

by:hlmarine
ID: 40014417
Hi Shaik,

Do you mean under my Fortigate DNS, I set the Primary DNS for Singtel and Secondary DNS for Starhub?
0
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 40014489
let me explain you...

in most common scenarios may be in your scenario... the fortigate 100 D will act as default gateway...

on fortigate u have terminated internet connection from singtel on one port ... and star hub link on another port of fortigate 100 D.

on the fortigate 100 D u have 1 or some Lan ports configured for LAN access.

in this scenario all local Lan traffic Dns is pointing to your AD Dns or Domain Dns...
that's fine ...

and internet traffic from both ports are nat to your network.

if this is your scenario...

fortigate 100 D is having built in DNS forwarding feature no need to do the dons forwarder on the DNS server.

all the requests are going through the gateway so let gateway to decide... and its the best practice in security reason...

check the guide for the setup..

http://kb.fortinet.com/kb/documentLink.do?externalID=FD32065

all the best
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question