DNS - Via Windows Server vs. FortiGate Firewall

SecurityPlus · ‎09-14-2023

A client we help has a small office, one Windows Server, and a FortiGate. The server has some DNS Server problems. Would it be possible and wise to turn uninstall the Windows Server DNS and to instead use the FortiGate for DNS? What are the advantages and disadvantages of the Windows Server acting as DNS server vs. the FortiGate acting as DNS server?

mle2802 · ‎09-14-2023

Hi there,

As suggested by Vladislav, there should not be much different if AD is not in used. Please refer to this document for more information about DNS server on FortiGate "https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/960561/fortigate-dns-server"

Regards,
Minh

View solution in original post

v_ceban · ‎09-14-2023

If the customer is not using Active Directory. There won't be much difference, you move it to FGT.

Vladislav Ceban

mle2802 · ‎09-14-2023

Hi there,

As suggested by Vladislav, there should not be much different if AD is not in used. Please refer to this document for more information about DNS server on FortiGate "https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/960561/fortigate-dns-server"

Regards,
Minh

HarshChavda · ‎09-14-2023

Hello @SecurityPlus ,

If you're using Fortigate DNS, you'll have built-in security features like DNS filtering, threat prevention, and firewall integration. If you're using Active Directory, sticking with Windows DNS is usually the better option. For a small office with simple needs, FortiGate's DNS might be sufficient. If DNS security features like filtering are a priority, FortiGate has built-in capabilities.

SecurityPlus · ‎09-14-2023

Thanks everyone. This is very helpful!