FortiWAN Configurations

Leave a reply
NS Record

Name Server (NS) records identify the name servers that are authoritative for a DNS domain. It requires at least one NS record for a domain to tell other name servers who to ask for resolving the domain name. For Multihoming, after the previous settings Domain Name, Primary Name Server and IPv4 Address are configured, the values will be automatically set to a NS record and an A/AAAA record for the domain. For example: example.com. 86400 IN NS ns1.example.com ns1.example.com 86400 IN A 10.10.10.10

You do not need to manually add a NS record and an A/AAAA record for the primary name server through the Web UI.

You can have multiple NS records in a domain, if there are multiple name servers authoritative for the domain for redundancy purpose. So that if the primary name server is unavailable, the domain will still be accessible. Configure the following settings to add the redundant NS records.

Name Server The other name server authoritative for the domain, except the primary name server. This field can be configured in two formats: a hostname (prefix) or a FQDN.

Hostname (prefix)

Text string (dot characters within is acceptable) specified here that does not end with a dot character is regarded as a hostname (prefix) of the name server, and the base domain specified previously will be appended automatically to this hostname in Multihoming system backend. For example entering “ns2”, “abc.ns2” or “abc.d.ns2” here, if the name server’s FQDN is ns2.example.com, abc.ns2.example.com or abc.d.ns2.example.com. The corresponding NS record in backend will be:

example.com. 86400 IN NS ns2.example.com
  or

example.com. 86400

 IN NS abc.ns2.example.com
  or

example.com. 86400

 IN NS abc.d.ns2.example.com
  FQDN

On the contrary, text string (dot characters within is acceptable) specified here that ends with a dot character is regarded as a FQDN of the name server, and the base domain specified previously will not be appended to it in backend. For example entering “ns2.example.com.”, “abc.ns2.example.com.” or “ns.otherdomain.com.” here, if the name server’s FQDN is ns2.example.com, abc.ns2.example.com or ns.otherdomain.com. The corresponding NS record in backend will be: example.com. 86400 IN NS ns2.example.com
  or

example.com. 86400 IN

 NS abc.ns2.example.com
  or

example.com. 86400 IN

 NS ns.otherdomain.com
IPv4 Address IPv4 address of the name server.
IPv6 Address IPv6 address of the name server.

A NA record configuration entry implies a NS record and an A/AAAA record in the domain. For example: example.com. 86400 IN NS ns2.example.com

ns2.example.com 86400 IN A 20.20.20.20

You do not need to manually add an A/AAAA record for the NS record through the Web UI.

A/AAAA Record

A/AAAA record (Address Record) points a FQDN (fully qualified domain name) to an IP address, so that a host (such as www.example.com) can be found. A traditional A/AAAA record is configured with a specific host and a fixed IP for connecting to the host. However, Multihoming dynamically determines the IP according predefined policies. Thus, the settings of an A/AAAA record will associate a host with a policy (please get the A/AAAA record policies configured first).

Host Name Hostname (prefix) of a computer or server within the domain. Enter “www” if the FQDN to be resolved is www.example.com, or enter the wildcard character * (see Wildcard Support below). Dot characters within the hostname here is not acceptable.
When Select a time period for this filter term to evaluate the DNS queries by the receiving time, or leave it as All-Time. See Busyhour Settings for details.
Source Define the source IPv6/IPv4 address for this filter term to evaluate DNS queries by where they come from, or leave it as Any Address. This could be a single IP, a range of IPs or an IP subnet.
To Policy Select a predefined A/AAAA record policy used for the domain settings. Specify an A/AAAA policy for DNS queries that match filter items: Host Name, When and Source. According to the policy, Multihoming determines an IP for answering the matched query. All the predefined A/AAAA record policies are list here for options.
TTL Set the TTL (Time to Live) for the A/AAAA record.

You can associate a hostname with multiple policy by the filter items When and Source. Multihoming resolves the same domain name with different policies by the receiving time and source of the DNS queries. For example:

Host Name=www, When=Idel, Source=Any Address, To Policy=Policy_A

Host Name=www, When=Busy, Source=8.8.8.8, To Policy=Policy_B

Pages: 1 2 3 4 5 6 7
This entry was posted in Administration Guides, FortiWAN on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.