• Status: Solved

Registering a Computer on DNS of another subnet

We have a Fortigate 101E Security Appliance.  Port 1 is connected to a LAN with a DHCP Server running on a Windows Server 2008 R2 computer.  The DHCP server hands out addresses from a 192.168.0.0/16 subnet.  Port 10 is configured with a DHCP Server enabled that hands out an address from a 172.16.0.0/16 subnet to a laptop connected to that port.  There are static routes and IPv4 policies entered so we can successfully be on one subnet and ping an address on the other subnet.  However, there is no name resolution yet.  The DHCP server enabled on port 10 is handing out the address of the DNS server on the other subnet (192.168.0.0/16) but when the laptop gets handed a 172.16.X.X address (and the address of the DNS server 192.168.X.X) that address is not registering on the DNS server of the 192.168.0.0 subnet.  How can I get addresses on the 172.168.0.0 network to register on the DNS server of the 192.168.0.0 network?
Asked by: Declan_Basile

Brian B (EE Topic Advisor, Independent Technology Professional) commented:
You will have to create a new lookup zone and put a new A record with the appropriate address. That will of course not work for a system that gets moved between zones.

Declan_Basile (IT, Author) commented:
Under Forward Lookup Zones there's a folder with our domain's fully qualified name.  Can addresses from a different subnet be registered in this folder?

Brian B (EE Topic Advisor, Independent Technology Professional) commented:
Yes, that's what it's for. Since you already have the required new zone there you can use that.

Declan_Basile (IT, Author) commented:
Is there a way to have the client register its address with the DNS server on the other subnet when the client is given an address from its DHCP server, or do I have to enter the address in manually?  Note: The DHCP server gives the client the address of the DNS server on the other subnet when it gives the client an IP address to use.

Brian B (EE Topic Advisor, Independent Technology Professional) commented:
For security reasons, a DNS server won't register an unauthorized host.

Declan_Basile (IT, Author) commented:
Is the host unauthorized because our primary (original) DHCP server isn't handing out the addresses to the new subnet, or because the address of the host is on a different subnet, or for some other reason?

Brian B (EE Topic Advisor, Independent Technology Professional) commented:
It isn't on the domain with an address range where the DNS server is registered.

Declan_Basile (IT, Author) commented:
So to recap, the computer is on the domain but not on the DNS's subnet.  Name to IP resolution worked after I manually entered the "A" record into the correct Forward Lookup folder in the DNS Server.  I also made a reservation for the computer to always be given that address by the DHCP server.  Is there any way that you know of to have computers on this new subnet automatically register with the DNS server?  If not I'll add all the computers in manually.  Thanks.

Brian B (EE Topic Advisor, Independent Technology Professional) commented:
That's the correct approach. There isn't an automatic way to set that up for new computers per se, but you can probably script it. Now that you know what to do, I'd probably ask that as a new question. If you want help, that is.
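
The "script it" suggestion above, sketched as an added example that is not part of the original thread: it checks each host name and address before calling `dnscmd /RecordAdd`. The server name and zone name are placeholders, the host list is constructed sample data, and `dnscmd.exe` is assumed to be available on the machine running the script.

```powershell
# Added example (not from the thread). Placeholders: $DnsServer, $Zone.
$DnsServer = 'DNS-SERVER-PLACEHOLDER'
$Zone      = 'example.local'
$Subnet    = '172.16.0.0'   # subnet served by the FortiGate DHCP scope
$PrefixLen = 16
$DryRun    = $true          # $true: only print the dnscmd lines for review

# Constructed sample inventory; in practice export it from the DHCP reservations.
$inventory = @'
Name,IP
laptop01,172.16.0.50
laptop02,172.16.1.20
printer-x,192.168.5.9
bad name,172.16.0.77
'@ | ConvertFrom-Csv

function ConvertTo-Int64 ([string]$Address) {
    # Dotted-quad IPv4 -> integer; returns $null for anything else.
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$parsed)) { return $null }
    if ($parsed.AddressFamily -ne 'InterNetwork') { return $null }
    $bytes = $parsed.GetAddressBytes()
    [Array]::Reverse($bytes)                       # network order -> little endian
    return [int64][BitConverter]::ToUInt32($bytes, 0)
}

$mask    = [int64]([math]::Pow(2, 32) - [math]::Pow(2, 32 - $PrefixLen))
$network = (ConvertTo-Int64 $Subnet) -band $mask
$labelRx = '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'  # single DNS label, no dots or spaces

foreach ($entry in $inventory) {
    $addr = ConvertTo-Int64 $entry.IP
    if ($entry.Name -notmatch $labelRx) {
        Write-Warning "Skipped '$($entry.Name)': not a valid host label"
        continue
    }
    if ($addr -eq $null -or ($addr -band $mask) -ne $network) {
        Write-Warning "Skipped $($entry.Name): $($entry.IP) is outside $Subnet/$PrefixLen"
        continue
    }
    if ($DryRun) {
        "dnscmd $DnsServer /RecordAdd $Zone $($entry.Name) A $($entry.IP)"
    } else {
        & dnscmd $DnsServer /RecordAdd $Zone $entry.Name A $entry.IP
    }
}
```

With the sample list, only the two laptop entries produce a `dnscmd` line; the out-of-subnet address and the name containing a space are skipped with a warning.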

Declan_Basile (IT, Author) commented:
Thanks.

Blue Street Tech (Last Knight) commented:
FYI: if you removed the FortiGate DHCP server from the WLAN and implemented Windows Server as your DHCP server for all zones via IP Helper, this would resolve automatically, because when you use Windows Server as your DHCP & DNS server they are tightly integrated, so when the user traverses to and from the LAN and WLAN, at each DHCP handout the DNS is automatically updated and registered.