Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Handbook

Configuring general settings

The general settings configuration specifies the interfaces that listen for DNS requests. By default, the system listens on the IPv4 and IPv6 addresses of all configured interfaces for DNS requests.

The other settings in the general settings configuration are applied when traffic does not match a Global DNS policy.

Before you begin:

  • You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
  • You must have Read-Write permission for Global Load Balance settings.
To configure general settings:
  1. Go to Global Load Balance > Zone Tools.
  2. Click the General Settings tab.
  3. Complete the configuration as described in General configuration.
  4. Save the configuration.

General configuration

Settings Guidelines

Global DNS Configuration

Enables/disables this configuration.

Recursion

Enables/disables recursion. If enabled, the DNS server attempts to do all the work required to answer the query. If not enabled, the server returns a referral response when it does not already know the answer.

DNSSEC

Enables/disables DNSSEC.

DNSSEC Validation

Enables/disables DNSSEC validation.

Listen on IPv6

Enables/disables listening for DNS requests on the interface IPv6 address.

Listen on IPv4

Enables/disables listening for DNS requests on the interface IPv4 address.

Traffic Log

Enables/disables traffic log.

Listen on All Interface

Enables listening on all interfaces.

Forward

  • First—The DNS server queries the forwarder before doing its own DNS lookup.
  • Only—Only queries the forwarder. Does not perform its own DNS lookups.

Note: The internal server caches the results it learns from forwarders, which optimizes subsequent lookups.

Use System DNS Server

Forwards DNS requests to the system DNS server instead of the forwarders list.

Response Rate Limit

Selects a rate limit configuration object. See Configuring the response rate limit.

Configuring general settings

The general settings configuration specifies the interfaces that listen for DNS requests. By default, the system listens on the IPv4 and IPv6 addresses of all configured interfaces for DNS requests.

The other settings in the general settings configuration are applied when traffic does not match a Global DNS policy.

Before you begin:

  • You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
  • You must have Read-Write permission for Global Load Balance settings.
To configure general settings:
  1. Go to Global Load Balance > Zone Tools.
  2. Click the General Settings tab.
  3. Complete the configuration as described in General configuration.
  4. Save the configuration.

General configuration

Settings Guidelines

Global DNS Configuration

Enables/disables this configuration.

Recursion

Enables/disables recursion. If enabled, the DNS server attempts to do all the work required to answer the query. If not enabled, the server returns a referral response when it does not already know the answer.

DNSSEC

Enables/disables DNSSEC.

DNSSEC Validation

Enables/disables DNSSEC validation.

Listen on IPv6

Enables/disables listening for DNS requests on the interface IPv6 address.

Listen on IPv4

Enables/disables listening for DNS requests on the interface IPv4 address.

Traffic Log

Enables/disables traffic log.

Listen on All Interface

Enables listening on all interfaces.

Forward

  • First—The DNS server queries the forwarder before doing its own DNS lookup.
  • Only—Only queries the forwarder. Does not perform its own DNS lookups.

Note: The internal server caches the results it learns from forwarders, which optimizes subsequent lookups.

Use System DNS Server

Forwards DNS requests to the system DNS server instead of the forwarders list.

Response Rate Limit

Selects a rate limit configuration object. See Configuring the response rate limit.