2

Can you advise on moving to a hybrid DNS?

Currently, all our LAN machines receive their IP address from our Fortigate 60D (each machine is either allocated an IP address from the Fortigate DHCP, or has a static IP address set in the Fortigate).
Our DNS records are currently managed from fortiddns.com.

Can I create a local DNS server, that will perform name-resolution for some of our LAN machines?

boardrider
  • Is this an Active Directory environment? – SteamerJ Dec 10 '18 at 21:21
  • No, @SteamerJ. Is Active Directory necessary? – boardrider Dec 10 '18 at 22:13
  • It is not, but usually when you're connecting to computers via name that's in play. If you have all your computers using FQDN names with the same domain name, then you can set up a small server locally that is authoritative for that domain. I would suggest not using the same domain that you have in fortiddns.com. If, for example, you have mydomain.com in fortiddns, then you could do a subdomain of that for your local DNS server, such as workgroup.mydomain.com, and each of your computers would be named like this: computer1.workgroup.mydomain.com – SteamerJ Dec 10 '18 at 23:37
  • Thanks for the suggestions, @SteamerJ. Actually, our DHCP server uses `.local` as the domain in our LAN (e.g., `server1.local`), so, if it'd be possible, I'd continue to use *.local as the FQDN. None of our LAN machines are exposed across our firewall, so that shouldn't be a problem. – boardrider Dec 11 '18 at 23:44

1 Answer

0

That being said, you can certainly set up DNS internally for it to resolve the local hosts. Each time you add a host you will want to make sure its DNS entry is added to the server if you don't have a way for hosts to register themselves (Active Directory usually takes care of this in a Windows environment). I would advise against using .local since it may cause you pain down the road and has been advised against for local networks.

In AD environments you typically see a company with a site MyCompany.com with a public DNS server for all things web. Internally you would create a subdomain for your DNS server like office.MyCompany.com, which you wouldn't actually publish to your public DNS and which would be valid internally only. Your hosts would end up looking like computer1.office.mycompany.com, and since your internal DNS server only knows to serve the office subdomain, it would look externally to resolve anything else. This is the more proper way to do it. If you wanted to keep some reference to .local you could use local.mycompany.com. For your resolvers you would set the hostname to just be computer1 and have it search your configured DNS server for local.mycompany.com.

SteamerJ
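The layout the answer describes, modelled in code as an added example (this is not from the original post or from Fortinet): an internal server that is authoritative only for one subdomain, forwards everything else upstream, and relies on a client search domain to turn a bare hostname into an FQDN. The zone name, host names, addresses and the upstream resolver below are constructed sample values, not anything from the question.

```python
"""Split-DNS model from the answer above (added example, not the original post's code).

The internal server is authoritative only for INTERNAL_ZONE; any name outside
that zone is handed to the upstream resolver. All names, IPs and the upstream
address are constructed sample data.
"""

from typing import Dict, Tuple

INTERNAL_ZONE = "office.mycompany.com"   # constructed: the internal-only subdomain
UPSTREAM_RESOLVER = "203.0.113.53"       # constructed placeholder (TEST-NET-3)

# Constructed inventory. As the answer notes, every new LAN host has to be
# added here by hand unless something (like AD) registers it automatically.
INTERNAL_RECORDS: Dict[str, str] = {
    "computer1.office.mycompany.com": "192.0.2.11",
    "server1.office.mycompany.com": "192.0.2.20",
}


def normalize(name: str) -> str:
    """Strip a trailing dot and lower-case, so 'Host.Zone.' and 'host.zone' compare equal."""
    return name.rstrip(".").lower()


def in_zone(fqdn: str, zone: str) -> bool:
    """True if fqdn is the zone apex or a name below it (label-boundary aware)."""
    fqdn, zone = normalize(fqdn), normalize(zone)
    return fqdn == zone or fqdn.endswith("." + zone)


def expand_search(name: str, search_domain: str) -> str:
    """Client-side step: a bare hostname gets the configured search domain
    appended; a name that already contains a dot is used as-is."""
    name = normalize(name)
    if "." in name:
        return name
    return f"{name}.{normalize(search_domain)}"


def is_discouraged_zone(zone: str) -> bool:
    """The answer advises against a .local zone; flag it so a config check can refuse it."""
    return normalize(zone) == "local" or normalize(zone).endswith(".local")


def resolve(name: str, search_domain: str = INTERNAL_ZONE) -> Tuple[str, str]:
    """Return (source, result):
       ('local', ip)       -> answered from the internal zone
       ('nxdomain', fqdn)  -> inside the zone but no record exists (do NOT forward)
       ('forward', fqdn)   -> outside the zone, ask UPSTREAM_RESOLVER
    """
    fqdn = expand_search(name, search_domain)
    if in_zone(fqdn, INTERNAL_ZONE):
        ip = INTERNAL_RECORDS.get(fqdn)
        return ("local", ip) if ip else ("nxdomain", fqdn)
    return ("forward", fqdn)


if __name__ == "__main__":
    for query in ("computer1", "server1.office.mycompany.com.", "printer9", "www.mycompany.com"):
        source, result = resolve(query)
        target = f" via {UPSTREAM_RESOLVER}" if source == "forward" else ""
        print(f"{query:32} -> {source:8} {result}{target}")
    print("zone 'server1.local' discouraged:", is_discouraged_zone("server1.local"))
```

The nxdomain branch is the part worth noticing: because the internal server is authoritative for the subdomain, a missing record inside it is answered locally as non-existent rather than leaking the internal name to the upstream resolver, which is exactly why the subdomain should stay unpublished in public DNS.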