Force DNS request to go through DNSPROXY

In 7.2.2, FortiExtender has replaced the system/dns/search-order option and the default dns(8.8.8.8), and uses two algorithms to decide the dns-server selection order:

least-rtt — In the dns-server selection pool, the round-trip time of each dns-server IP is now calculated and sorted from the shortest to the longest. FortiExtender picks from the shortest one.
failover — This algorithm is a relatively fixed order. The first pick does not change until it fails the first time. The order is primary dns > secondary dns > dynamic dns (learned from DHCP).

In addition, you now can configure system DNS parameters on the FortiExtender that include the following:

primary dns server
secondary dns server
timeout
retry attempts
maximum dns cache limit
dns cache ttl
cache not found response option,
source ip, and
server select method

### get system dns
“redesign this command to show all the DNS configuration info”
e.g. 
# get system dns
primary                                 : 208.91.112.53
secondary                             : 208.91.112.52
timeout                                 : 5
retry                                       : 3
dns-cache-limit                    : 5000
dns-cache-ttl                        : 1800
cache-notfound-responses: disable
source-ip                               : 0.0.0.0
server-select-method         : least-rtt
acquired servers        :
wan:   172.30.1.105

###config system dns
config system dns
    set primary 208.91.112.53
    set secondary 208.91.112.52
    set timeout 5
    set retry 3
    set dns-cache-limit 5000
    set dns-cache-ttl 1800
    set cache-notfound-responses disable
    set source-ip 0.0.0.0
    set server-select-method least-rtt
end

Field	Description	Mandatory	Type	Value	Default value
primary	Specify the primary static DNS server IP.	Yes	string	IPV4	208.91.112.53
secondary	Specify the secondary static DNS server IP.	Yes	string	IPV4	208.91.112.52
timeout	Specify the timeout in seconds.	Yes	number	0-10	5
retry	Specify the number of retry attempts allowed for unsuccessful connections.	Yes	number	0-5	3
dns-cache-limit	Specify the maximum amount of cache that can be stored.	Yes	number	0-4294967295	5000
dns-cache-ttl	Specify the TTL of cached DNS value in seconds.	Yes	number	60-86400	1800
cache not-found response	Specify whether or not to save the not-found response into cache. If enabled, no need to forward the not-found response to the DNS server in the future.	Yes	option	disable/enable	disable
source-ip	Specify the IP address used by the DNS server as its source IP.	Yes	string	IPV4	0.0.0.0
server-select-method	Specify how configured servers are prioritized. least-rtt —In the dns-server selection pool, the round-trip time of each dns-server ip is —calculated and sorted from the shortest to the longest, picking from the shortest one. failover — This algorithm is a relatively fixed order. The first pick doesn't change until it fails the first time. The order is primary dns -> secondary dns > dynamic dns (learned from DHCP).	Yes	option	least-rtt / failover	least-rtt

Force DNS request to go through DNSPROXY

In 7.2.2, FortiExtender has replaced the system/dns/search-order option and the default dns(8.8.8.8), and uses two algorithms to decide the dns-server selection order:

least-rtt — In the dns-server selection pool, the round-trip time of each dns-server IP is now calculated and sorted from the shortest to the longest. FortiExtender picks from the shortest one.
failover — This algorithm is a relatively fixed order. The first pick does not change until it fails the first time. The order is primary dns > secondary dns > dynamic dns (learned from DHCP).

In addition, you now can configure system DNS parameters on the FortiExtender that include the following:

primary dns server
secondary dns server
timeout
retry attempts
maximum dns cache limit
dns cache ttl
cache not found response option,
source ip, and
server select method

### get system dns
“redesign this command to show all the DNS configuration info”
e.g. 
# get system dns
primary                                 : 208.91.112.53
secondary                             : 208.91.112.52
timeout                                 : 5
retry                                       : 3
dns-cache-limit                    : 5000
dns-cache-ttl                        : 1800
cache-notfound-responses: disable
source-ip                               : 0.0.0.0
server-select-method         : least-rtt
acquired servers        :
wan:   172.30.1.105

###config system dns
config system dns
    set primary 208.91.112.53
    set secondary 208.91.112.52
    set timeout 5
    set retry 3
    set dns-cache-limit 5000
    set dns-cache-ttl 1800
    set cache-notfound-responses disable
    set source-ip 0.0.0.0
    set server-select-method least-rtt
end

Field	Description	Mandatory	Type	Value	Default value
primary	Specify the primary static DNS server IP.	Yes	string	IPV4	208.91.112.53
secondary	Specify the secondary static DNS server IP.	Yes	string	IPV4	208.91.112.52
timeout	Specify the timeout in seconds.	Yes	number	0-10	5
retry	Specify the number of retry attempts allowed for unsuccessful connections.	Yes	number	0-5	3
dns-cache-limit	Specify the maximum amount of cache that can be stored.	Yes	number	0-4294967295	5000
dns-cache-ttl	Specify the TTL of cached DNS value in seconds.	Yes	number	60-86400	1800
cache not-found response	Specify whether or not to save the not-found response into cache. If enabled, no need to forward the not-found response to the DNS server in the future.	Yes	option	disable/enable	disable
source-ip	Specify the IP address used by the DNS server as its source IP.	Yes	string	IPV4	0.0.0.0
server-select-method	Specify how configured servers are prioritized. least-rtt —In the dns-server selection pool, the round-trip time of each dns-server ip is —calculated and sorted from the shortest to the longest, picking from the shortest one. failover — This algorithm is a relatively fixed order. The first pick doesn't change until it fails the first time. The order is primary dns -> secondary dns > dynamic dns (learned from DHCP).	Yes	option	least-rtt / failover	least-rtt

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Admin Guide (Standalone)

Force DNS request to go through DNSPROXY

Force DNS request to go through DNSPROXY

Force DNS request to go through DNSPROXY

Force DNS request to go through DNSPROXY