    Fortinet Fortigate - Windows Server 2008 R2 Configuration

    • JoyJ
      Joy
      last edited by

      We have a new router (Fortinet FortiGate 200D).
      Then the ISP gave us DNS to be used for LAN configuration.
      The problem is our Active Directory has its own DNS.
      Is there any way that we can combine these two DNS?
      I heard about LDAP but I'm not sure how to do it yet.
      We have Windows Server 2008 R2.
      I need an idea or the best, yet simple, way to set up this router with Active Directory.
      (We tried to set up 50 computers using a workgroup and it works fine, but I think it is much better
      if the logins of users are authenticated in the domain;
      at the same time, applying group policy is necessary due to our company standard policy.)
      Thanks in advance.

      1 Reply Last reply Reply Quote 1
      • DashrenderD
        Dashrender
        last edited by Dashrender

        You can tell your AD DNS server to use your ISP's DNS server for upstream resolution. This allows your internal computers to use your DNS server, and your DNS server will use their DNS server when it doesn't know where to go.

        From the DNS manager, right-click the server name > Properties > Forwarders tab > add the ISP's DNS server to this list. From now on, when your DNS server doesn't know the answer, it will ask the ISP's DNS server.

        1 Reply Last reply Reply Quote 0
        • thanksajdotcomT
          thanksajdotcom
          last edited by

          This is the whole purpose of forwarders in DNS. Your local DNS should always come first. If it's not found there, it gets sent to the forwarders, which is where you can put your ISP's provided DNS address in.

          scottalanmillerS 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            You do NOT want any DNS from your ISP. Just ignore that. Use the DNS from AD. There is no value to having your ISP involved in your DNS in any way.

            thanksajdotcomT JaredBuschJ 2 Replies Last reply Reply Quote 2
            • scottalanmillerS
              scottalanmiller @thanksajdotcom
              last edited by

              @ajstringham said:

              This is the whole purpose of forwarders in DNS. Your local DNS should always come first. If it's not found there, it gets sent to the forwarders, which is where you can put your ISP's provided DNS address in.

              She said DNS for her LAN, not public DNS.

              thanksajdotcomT 1 Reply Last reply Reply Quote 0
              • thanksajdotcomT
                thanksajdotcom @scottalanmiller
                last edited by

                @scottalanmiller said:

                @ajstringham said:

                This is the whole purpose of forwarders in DNS. Your local DNS should always come first. If it's not found there, it gets sent to the forwarders, which is where you can put your ISP's provided DNS address in.

                She said DNS for her LAN, not public DNS.

                I assumed it was a misspeak. I can see no possible reason an ISP would provide you DNS info for your LAN. That makes no sense.

                DashrenderD 1 Reply Last reply Reply Quote 1
                • thanksajdotcomT
                  thanksajdotcom @scottalanmiller
                  last edited by

                  @scottalanmiller said:

                  You do NOT want any DNS from your ISP. Just ignore that. Use the DNS from AD. There is no value to having your ISP involved in your DNS in any way.

                  Agreed. There is nothing to be gained and a lot that likely will break doing this.

                  1 Reply Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @scottalanmiller
                    last edited by

                    @scottalanmiller said:

                    There is no value to having your ISP involved in your DNS in any way.

                    Except as a valid forwarder in the DNS server config. Especially when you are not local to some of the bigger public DNS systems.

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @thanksajdotcom
                      last edited by

                      @ajstringham said:

                      @scottalanmiller said:

                      @ajstringham said:

                      This is the whole purpose of forwarders in DNS. Your local DNS should always come first. If it's not found there, it gets sent to the forwarders, which is where you can put your ISP's provided DNS address in.

                      She said DNS for her LAN, not public DNS.

                      I assumed it was a misspeak. I can see no possible reason an ISP would provide you DNS info for your LAN. That makes no sense.

                      I agree with AJ here - I'm sure the ISP was speaking in general terms, here is the upstream DNS you can use that we provide.

                      FYI, if you're looking for fast DNS servers to use as upstream DNS sources (assuming your ISP allows it) try GRC's tool, DNS Benchmark. https://www.grc.com/dns/benchmark.htm

                      1 Reply Last reply Reply Quote 0
                      • JoyJ
                        Joy
                        last edited by

                        Thank you for all of your replies. I will look at it tomorrow..

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @JaredBusch
                          last edited by

                          @JaredBusch said:

                          Except as a valid forwarder in the DNS server config. Especially when you are not local to some of the bigger public DNS systems.

                          Pretty sure Google has local DNS servers.

                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch @scottalanmiller
                            last edited by

                            @scottalanmiller said:

                            Pretty sure Google has local DNS servers.

                            They very well may have DNS servers local to @Joyfano's location, but I (try to) never assume.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @JaredBusch
                              last edited by

                              @JaredBusch said:

                              @scottalanmiller said:

                              Pretty sure Google has local DNS servers.

                              They very well may have DNS servers local to @Joyfano's location, but I (try to) never assume.

                              This is very recent...

                              http://manilastandardtoday.com/mobile/2014/06/10/speed-up-your-browsing/

                              JaredBuschJ 1 Reply Last reply Reply Quote 0
                              • JaredBuschJ
                                JaredBusch @scottalanmiller
                                last edited by

                                @scottalanmiller said:

                                This is very recent...

                                http://manilastandardtoday.com/mobile/2014/06/10/speed-up-your-browsing/

                                That has nothing to do with Google having a server close to them. I know what the public DNS values are for Google and OpenDNS (and AT&T not in that article). That does not mean any of those companies has a server farm close enough (and load balanced well) to serve all users.

                                There is very much a value add to using an ISP provided DNS as long as the ISP is doing both a solid caching job and correctly expiring out entries. The aggregate from all the ISP users hitting everything would likely mean that most sites are already cached locally at the ISP and will not be fed out to a server more hops away.

                                For most locations in the US, I would not ever bother with anything other than Google and OpenDNS. Based on the things @Joyfano has said about their networks over time, I would try to keep the number of hops as small as possible.

                                scottalanmillerS 1 Reply Last reply Reply Quote 1
                                • scottalanmillerS
                                  scottalanmiller @JaredBusch
                                  last edited by

                                  @JaredBusch hops are one thing and I agree, extra hops are bad. But bad ISPs with flaky DNS are worse. I'd lean to reliability before anything else.

                                  1 Reply Last reply Reply Quote 1
                                  • DashrenderD
                                    Dashrender
                                    last edited by

                                    The DNS benchmark tool I mentioned earlier runs query tests against many known DNS servers considered local to you. You can broaden the test to any and every DNS server known as well, in the hopes of finding the fastest one FOR you.

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller
                                      last edited by

                                      Yes, you can definitely test your DNS speeds to see if the ISP, Google or OpenDNS is faster or by how much.

                                      1 Reply Last reply Reply Quote 0
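Added example, not part of any post in this thread: a small Python script that compares candidate forwarders on both median latency and failure rate, the two properties argued over above (speed versus reliability). The Google and OpenDNS addresses are their public resolvers; the ISP address `192.0.2.53` and the test names are placeholders to replace with your own.

```python
import socket, statistics, struct, time

def build_query(name, qid, qtype=1):
    """Encode a minimal RFC 1035 query: header plus one question, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE A, QCLASS IN

def parse_reply(data, qid):
    """Return (rcode, answer_count); raise ValueError if this is not our reply."""
    if len(data) < 12:
        raise ValueError("short packet")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a response to this query")
    return flags & 0x000F, ancount

def time_query(server, name, qid, timeout=2.0):
    """Milliseconds for one UDP lookup, or None on timeout, bad reply or SERVFAIL."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.sendto(build_query(name, qid), (server, 53))
            rcode, _ = parse_reply(s.recvfrom(512)[0], qid)
        except (OSError, ValueError):
            return None
    elapsed = (time.perf_counter() - start) * 1000
    return elapsed if rcode in (0, 3) else None  # NOERROR / NXDOMAIN count as answered

def summarize(samples):
    """Median latency of answered lookups and the fraction that failed."""
    ok = [s for s in samples if s is not None]
    return {"median_ms": round(statistics.median(ok), 1) if ok else None,
            "failure_rate": round(1 - len(ok) / len(samples), 2)}

def benchmark(servers, names, rounds=3):
    """Query every name `rounds` times against each candidate forwarder."""
    return {label: summarize([time_query(ip, n, 0x1000 + i)
                              for _ in range(rounds) for i, n in enumerate(names)])
            for label, ip in servers.items()}

if __name__ == "__main__":
    # Constructed candidate list: Google Public DNS, OpenDNS, and a placeholder
    # (192.0.2.53, documentation range) standing in for the ISP's resolver.
    candidates = {"google": "8.8.8.8", "opendns": "208.67.222.222", "isp": "192.0.2.53"}
    for label, stats in benchmark(candidates, ["example.com", "example.org"]).items():
        print(label, stats)
```

Run it from the DNS server itself, since that is the host that will talk to the forwarder. The first round hits a possibly cold cache and later rounds a warm one, so repeat the run at different times of day before picking a forwarder.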
                                      • scottalanmillerS
                                        scottalanmiller
                                        last edited by

                                        Looks like @joy is already awake!

                                        1 Reply Last reply Reply Quote 0
                                        • JoyJ
                                          Joy
                                          last edited by

                                          Good morning to all. Yeah, I can't sleep. Thank you for all replies. I'll try to figure out these things later.

                                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller
                                            last edited by

                                            Good morning.

                                            1 Reply Last reply Reply Quote 0