Solved

Server DNS Forwarder - Validating Error

Posted on 2014-04-22
Last Modified: 2014-05-05
Hi,

Just checking: is it normal if my ISP DNS cannot be validated but it can return the server FQDN successfully? See picture below.

DNS Forwarder
I have 2 ISP static fibre broadband connections. The first one is provided by Singtel and the other one by Starhub.

When my server is connected to the internet through Singtel, it can validate the Singtel DNS with no problem but is not able to validate the DNS provided by Starhub.

If my server is connected to the internet through Starhub, it can validate both the Starhub and Singtel DNS with no problem.

Does it have anything to do with my Fortigate 100D Firewall?
0
Question by:hlmarine
4 Comments
 
LVL 19

Accepted Solution

by:
Miguel Angel Perez Muñoz earned 500 total points
ID: 40014202
Some ISPs block some external traffic for "security reasons". I have a case in Mexico: Telmex blocks SMTP traffic for all DSL clients, and the only way is to use the SMTP relay provided by the ISP. Ask your ISP to resolve your question.
0
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 40014269
In your scenario, when you have a Fortigate 100D firewall, why are you pointing forwarders to DNS...

The best practice is to terminate both networks on the Fortigate and create a LAN; on the LAN, add your local DNS and the interface with DNS round robin... so the external DNS requests will go through the Fortigate, which will scan the network packets reaching your network over the internet.

Anyhow...

Check pinging both DNS IPs from the DNS server...

If they are not pinging, check the ICMP setting and firewall setting in the Fortigate.
0
 

Author Comment

by:hlmarine
ID: 40014417
Hi Shaik,

Do you mean under my Fortigate DNS, I set the Primary DNS for Singtel and Secondary DNS for Starhub?
0
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 40014489
Let me explain...

In most common scenarios, maybe in your scenario, the Fortigate 100D will act as the default gateway...

On the Fortigate you have terminated the internet connection from Singtel on one port... and the Starhub link on another port of the Fortigate 100D.

On the Fortigate 100D you have one or more LAN ports configured for LAN access.

In this scenario all local LAN traffic DNS is pointing to your AD DNS or domain DNS...
That's fine...

And internet traffic from both ports is NATed to your network.

If this is your scenario...

The Fortigate 100D has a built-in DNS forwarding feature; no need to set up the DNS forwarder on the DNS server.

All the requests are going through the gateway, so let the gateway decide... and it's the best practice for security reasons...

Check the guide for the setup...

http://kb.fortinet.com/kb/documentLink.do?externalID=FD32065

all the best
0
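The checks suggested in this thread (ping the forwarders, ask the ISP whether it blocks outside traffic) can be narrowed down by sending each forwarder a real DNS query from the DNS server and seeing whether it answers, refuses or stays silent. This is an added example, not part of the original thread; the two resolver addresses are documentation placeholders and the verdict labels are the example's own.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Encode a recursive (RD=1) A-record query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(reply, txid=0x1234):
    """Turn a raw DNS reply into a verdict a forwarder check can act on."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qdcount, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != txid or not flags & 0x8000:        # wrong ID, or QR bit not set
        return "malformed"
    code = flags & 0x000F
    rcode = RCODES.get(code, "RCODE%d" % code)
    if rcode == "NOERROR" and not flags & 0x0080:  # RA clear: will not recurse for us
        return "no-recursion"
    if rcode == "NOERROR":
        return "ok" if ancount else "ok-empty"
    return rcode.lower()

def probe(server, name="example.com", timeout=3.0):
    """Send one query to server:53 over UDP; 'timeout' means nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"
        except OSError as exc:
            return "error: %s" % exc
    return classify_reply(reply)

if __name__ == "__main__":
    # Placeholder addresses (documentation ranges); substitute the real forwarders.
    for label, ip in (("ISP A resolver", "192.0.2.53"),
                      ("ISP B resolver", "198.51.100.53")):
        print(label, ip, probe(ip))
```

Run it once on each uplink. `timeout` means no reply came back at all (dropped by the firewall, the path or the resolver), while `refused` or `no-recursion` means the resolver was reached but will not serve that source address.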
