Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 6.2.0 CLI Reference
    6.2.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config global-dns-server general

    config global-dns-server general

    Use this command to configure basic behavior for the DNS server.

    The general settings configuration specifies the interfaces that listen for DNS requests. By default, the system listens on the IPv4 and IPv6 addresses of all configured interfaces for DNS requests.

    The other settings in the general settings configuration are applied when traffic does not match a Global DNS policy.

    Before you begin:

    • You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
    • You must have read-write permission for global load balancing settings.

    Syntax

    config global-dns-server general

    set dnssec-status {enable|disable}

    set dnssec-validate-status {enable|disable}

    set forward {first | only}

    set forwarders <datasource>

    set gds-status {enable|disable}

    set ipv4-accessed-status {enable|disable}

    set ipv6-accessed-status {enable|disable}

    set listen-on-all-interface {enable|disable}

    set listen-on-interface <datasource>

    set recursion-status {enable|disable}

    set response-rate-limit <datasource>

    set traffic-log {enable|disable}

    set use-system-dns-server {enable|disable}

    end

    dnssec-status

    Enable/disable DNSSEC.

    dnssec-validate-status

    Enable/disable DNSSEC validation.

    forward
    • first—The DNS server queries the forwarder before doing its own DNS lookup.
    • only—Only queries the forwarder. Does not perform its own DNS lookups.

    forwarders

    If the DNS server zone has been configured as a forwarder, specify the remote DNS server to which it forwards requests.

    gds-status

    Enable/disable the DNS server configuration.

    ipv4-accessed-status

    Enable/disable listening for DNS requests on the interface IPv4 address.

    ipv6-accessed-status

    Enable/disable listening for DNS requests on the interface IPv6 address.

    listen-on-all-interface

    Enable listening on all interfaces.

    listen-on-interface

    If you do not listen on all interfaces, select one or more ports to listen on.

    recursion-status

    Enable/disable recursion. If enabled, the DNS server attempts to do all the work required to answer the query. If not enabled, the server returns a referral response when it does not already know the answer.

    response-rate-limit

    Specify a rate limit configuration object.

    traffic-log

    		Enable/disable logging.

    use-system-dns-server

    Forward DNS requests to the system DNS server instead of the forwarder.

    Example

    FortiADC-VM # config global-dns-server general

    FortiADC-VM (general) # get

    gds-status : disable

    recursion-status : enable

    dnssec-status : disable

    dnssec-validate-status : disable

    ipv6-accessed-status : enable

    ipv4-accessed-status : enable

    traffic-log : disable

    listen-on-all-interface : enable

    forward : first

    use-system-dns-server : enable

    response-rate-limit :

    FortiADC-VM (general) # set gds-status enable

    FortiADC-VM (general) # end

    Previous
    Next

    config global-dns-server general

    config global-dns-server general

    Use this command to configure basic behavior for the DNS server.

    The general settings configuration specifies the interfaces that listen for DNS requests. By default, the system listens on the IPv4 and IPv6 addresses of all configured interfaces for DNS requests.

    The other settings in the general settings configuration are applied when traffic does not match a Global DNS policy.

    Before you begin:

    • You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
    • You must have read-write permission for global load balancing settings.

    Syntax

    config global-dns-server general

    set dnssec-status {enable|disable}

    set dnssec-validate-status {enable|disable}

    set forward {first | only}

    set forwarders <datasource>

    set gds-status {enable|disable}

    set ipv4-accessed-status {enable|disable}

    set ipv6-accessed-status {enable|disable}

    set listen-on-all-interface {enable|disable}

    set listen-on-interface <datasource>

    set recursion-status {enable|disable}

    set response-rate-limit <datasource>

    set traffic-log {enable|disable}

    set use-system-dns-server {enable|disable}

    end

    dnssec-status

    Enable/disable DNSSEC.

    dnssec-validate-status

    Enable/disable DNSSEC validation.

    forward
    • first—The DNS server queries the forwarder before doing its own DNS lookup.
    • only—Only queries the forwarder. Does not perform its own DNS lookups.

    forwarders

    If the DNS server zone has been configured as a forwarder, specify the remote DNS server to which it forwards requests.

    gds-status

    Enable/disable the DNS server configuration.

    ipv4-accessed-status

    Enable/disable listening for DNS requests on the interface IPv4 address.

    ipv6-accessed-status

    Enable/disable listening for DNS requests on the interface IPv6 address.

    listen-on-all-interface

    Enable listening on all interfaces.

    listen-on-interface

    If you do not listen on all interfaces, select one or more ports to listen on.

    recursion-status

    Enable/disable recursion. If enabled, the DNS server attempts to do all the work required to answer the query. If not enabled, the server returns a referral response when it does not already know the answer.

    response-rate-limit

    Specify a rate limit configuration object.

    traffic-log

    		Enable/disable logging.

    use-system-dns-server

    Forward DNS requests to the system DNS server instead of the forwarder.

    Example

    FortiADC-VM # config global-dns-server general

    FortiADC-VM (general) # get

    gds-status : disable

    recursion-status : enable

    dnssec-status : disable

    dnssec-validate-status : disable

    ipv6-accessed-status : enable

    ipv4-accessed-status : enable

    traffic-log : disable

    listen-on-all-interface : enable

    forward : first

    use-system-dns-server : enable

    response-rate-limit :

    FortiADC-VM (general) # set gds-status enable

    FortiADC-VM (general) # end

    Previous
    Next