How to add FortiGSLB Cloud as sub-domain

Example: You have a domain configured on a FortiADC as 'example.com'. You want the sub-domain 'sub.example.com' to be configured on FortiGSLB Cloud, with the sub-domain's primary server name set to 'ns-4.sub.example.com'. The resolver address is '10.106.156.24' and the FortiADC DNS server address is '10.106.156.183'. The sub-domain DNS server address provided by FortiGSLB Cloud is '10.106.33.120'.

Steps
  1. To configure the sub-domain on FortiGSLB Cloud, go to DNS Services and click Create DNS services or Create New.
    1. Domain Name: full sub-domain name with '.' at the end
    2. Primary Server Name: primary server name without domain name at the end
    3. Primary Server Address: DNS server address
    4. Add an A record for testing. In this example, a 'www' A record is configured with IP '10.107.9.81'
  2. To configure an NS record on FortiADC, go to Global Load Balance > Zone Tools > Zone. Click on the zone to edit. Click Create New and select NS Record.
    1. Domain Name: The sub-domain name without 'example.com.'
    2. Host Name: The sub-domain's Primary Server Name without 'example.com'
    3. Address: The IP address of the sub-domain's DNS server
  3. Verify the configuration by querying the resolver '10.106.156.24'.
    Recommendation: dig for Linux; nslookup or Resolve-DnsName for Windows.
    If done correctly, the output should look like the following:



    At this point, you should be able to get the A record resolved from the Google resolver '8.8.8.8'
Debugging

If verification fails, the user will need to debug according to the steps below:

Debugging on Linux
  1. Try querying the sub-domain DNS server '10.106.33.120' directly for the A record.
    1. If the query fails, you may need to reconfigure your sub-domain zone. Try deleting some of the other records and querying again. Note: Configuration changes may take a few minutes to take effect.
  2. Try querying the domain DNS server '10.106.156.183' for the NS record.
    1. If the query fails, double check your FortiADC Zone records configuration, paying particular attention to the other NS records and CNAME records for potential conflicts.
  3. Double check the domain NS record and Zone configuration. They should match with the query results.
  4. If all checks were successful but the resolver still cannot resolve 'www.sub.example.com', check your network. You can also try to query the NS record from the resolver and query the A record from the domain DNS server to determine which part may have caused the failure.
    Note: In order to query the sub-domain A record from the domain DNS server, you need to enable Recursion within FortiADC Policy settings.
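
The Linux checks above as one script, using the addresses from this page's example. This is an added example, not Fortinet's own tooling; DIG_CMD is a hypothetical variable that lets a stub stand in for dig, and check 3 assumes the FortiADC reply carries the name server's address record.

```shell
#!/bin/sh
# Added example. Addresses and names are the ones used in this page's scenario.
RESOLVER=10.106.156.24          # recursive resolver that clients use
DOMAIN_NS=10.106.156.183        # FortiADC, serves example.com
SUB_NS=10.106.33.120            # FortiGSLB Cloud, serves sub.example.com
SUB_ZONE=sub.example.com
SUB_NS_NAME=ns-4.sub.example.com
TEST_NAME=www.sub.example.com
TEST_IP=10.107.9.81

# rr SERVER NAME TYPE: print the rdata of NAME/TYPE records found in any
# section of the reply. A delegating server may return NS in AUTHORITY and the
# name server address in ADDITIONAL, which "dig +short" would not show.
# DIG_CMD (hypothetical variable) lets a stub replace dig for offline testing.
rr() {
  ${DIG_CMD:-dig} +noall +answer +authority +additional +time=2 +tries=1 \
    "@$1" "$2" "$3" |
    awk -v n="$2" -v t="$3" \
      'tolower($1) == (tolower(n) ".") && $4 == t { print $5 }'
}

# diagnose: run the checks in the page's order. The return code is the number
# of the first check that failed (0 = delegation works end to end).
diagnose() {
  rr "$SUB_NS" "$TEST_NAME" A | grep -qxF "$TEST_IP" || {
    echo "1: $SUB_NS does not answer $TEST_NAME A $TEST_IP (sub-domain zone)"
    return 1; }
  rr "$DOMAIN_NS" "$SUB_ZONE" NS | grep -qixF "$SUB_NS_NAME." || {
    echo "2: $DOMAIN_NS has no NS $SUB_NS_NAME for $SUB_ZONE (FortiADC zone)"
    return 2; }
  rr "$DOMAIN_NS" "$SUB_NS_NAME" A | grep -qxF "$SUB_NS" || {
    echo "3: NS record address for $SUB_NS_NAME is not $SUB_NS (mismatch)"
    return 3; }
  rr "$RESOLVER" "$TEST_NAME" A | grep -qxF "$TEST_IP" || {
    echo "4: records are correct but $RESOLVER cannot resolve $TEST_NAME"
    return 4; }
  echo "ok: $TEST_NAME resolves to $TEST_IP via $RESOLVER"
}

# Run the checks only when invoked as: sh script.sh run
if [ "${1:-}" = run ]; then diagnose; fi
```

A return code of 4 corresponds to the last debugging step: both zones are correct, so the fault lies between the resolver and the DNS servers.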
Debugging on Windows using nslookup
  1. Try querying the sub-domain DNS server '10.106.33.120' directly for the A record.
    1. If the query fails, you may need to reconfigure your sub-domain zone. Try deleting some of the other records and querying again. Note: Configuration changes may take a few minutes to take effect.
  2. Try querying the domain DNS server '10.106.156.183' for the NS record.
    1. If the query fails, double check the FortiADC Zone records configuration, paying particular attention to the other NS records and CNAME records for potential conflicts.
  3. Double check the domain NS record and Zone configuration. You can also check the SOA record from the sub-domain DNS server and NS record from the domain DNS server.
  4. If all checks were successful but the resolver still cannot resolve 'www.sub.example.com', check your network. You can also try to query the NS record from the resolver and query the A record from the domain DNS server to determine which part may have caused the failure.
    Note: In order to query the sub-domain A record from the domain DNS server, you need to enable Recursion within FortiADC Policy settings.
Debugging on Windows using Resolve-DnsName
  1. Try querying the sub-domain DNS server '10.106.33.120' directly for the A record.
    1. If the query fails, you may need to reconfigure your sub-domain zone. Try deleting some of the other records and querying again. Note: Configuration changes may take a few minutes to take effect.
  2. Try querying the domain DNS server '10.106.156.183' for the NS record.
    1. If the query fails, double check the FortiADC Zone records configuration, paying particular attention to the other NS records and CNAME records for potential conflicts.
  3. Double check the domain NS record and Zone configuration. They should match with the query results.
  4. If all checks were successful but the resolver still cannot resolve 'www.sub.example.com', check your network. You can also try to query the NS record from the resolver and query the A record from the domain DNS server to determine which part may have caused the failure.
    Note: In order to query the sub-domain A record from the domain DNS server, you need to enable Recursion within FortiADC Policy settings.
