Starting with its 7.2.0 release, FortiExtender can work as a DNS server. You can configure it as a pure DNS proxy server which forwards DNS requests directly to the upstream DNS server, or as a normal DNS server that maintains DNS resource records without forwarding, or a combination of the two, as needed.
When DNS service is enabled on a specific interface, the FortiExtender listens for DNS query requests on that interface. Depending on the configuration, the DNS service on FortiExtender can work in three modes:
Recursive — Is for the shadow DNS database and forward. In this mode, FortiExtender looks up the local shadow DNS database first. If no DNS RR (resource record) is found, the DNS request will be forwarded to the configured system DNS server.
Non-recursive — Is for the public DNS database only. In this mode, FortiExtender only looks up the local public DNS database. If no DNS RR (resource record) is found, it will reply with an error status of NXDOMAIN.
Forward-only — Is for forwarding to the system DNS server only. In this mode, FortiExtender will forward DNS requests directly to the configured system DNS servers.
For more information, see: