Solved

Server DNS Forwarder - Validating Error

Posted on 2014-04-22
Last Modified: 2014-05-05
Hi,

Just checking: is it normal if my ISP DNS cannot be validated but it can return the server FQDN successfully? See picture below.

DNS Forwarder
I have 2 ISP static fibre broadband connections. The first one is provided by Singtel and the other one by Starhub.

When my server is connected to the internet with Singtel, it can validate the Singtel DNS with no problem but will not be able to validate the DNS provided by Starhub.

If my server is connected to the internet with Starhub, it can validate both the Starhub and Singtel DNS with no problem.

Does it have anything to do with my Fortigate 100D Firewall?
Question by:hlmarine

Accepted Solution

by: Miguel Angel Perez Muñoz earned 500 total points
ID: 40014202
Some ISPs block some external traffic for "security reasons". I have a case in Mexico: Telmex blocks SMTP traffic to all DSL clients, and the only way is to use the SMTP relay provided by the ISP. Ask your ISP to resolve your question.

Expert Comment

by:Shaik M. Sajid
ID: 40014269
In your scenario, when you have a Fortigate 100D firewall, why are you pointing forwarders to DNS...

The best practice is to terminate both networks on the Fortigate and create a LAN; on the LAN add your local DNS and the interface with DNS round robin... so the external DNS requests will go through the Fortigate, which will scan the network packets reaching your network over the internet.

Anyhow...

Check pinging of both DNS IPs from the DNS server...

If they are not pinging, check the ICMP setting and firewall setting in the Fortigate.

Author Comment

by:hlmarine
ID: 40014417
Hi Shaik,

Do you mean under my Fortigate DNS, I set the Primary DNS for Singtel and Secondary DNS for Starhub?

Expert Comment

by:Shaik M. Sajid
ID: 40014489
Let me explain...

In most common scenarios, and maybe in your scenario, the Fortigate 100D will act as the default gateway.

On the Fortigate you have terminated the internet connection from Singtel on one port, and the Starhub link on another port of the Fortigate 100D.

On the Fortigate 100D you have one or more LAN ports configured for LAN access.

In this scenario all local LAN DNS traffic is pointing to your AD DNS or domain DNS...
That's fine...

And internet traffic from both ports is NATed to your network.

If this is your scenario...

The Fortigate 100D has a built-in DNS forwarding feature; there is no need to set up the DNS forwarder on the DNS server.

All the requests are going through the gateway, so let the gateway decide... and it's the best practice for security reasons.

Check the guide for the setup:

http://kb.fortinet.com/kb/documentLink.do?externalID=FD32065

all the best