CLI Reference

config dns

Description: Configure DNS settings used to resolve domain names to IP addresses.

config system dns
  set primary {ipv4-address}
  set secondary {ipv4-address}
  set ip6-primary {ipv6-address}
  set ip6-secondary {ipv6-address}
  set timeout [1 – 10]
  set retry [0 – 5]
  set dns-cache-limit [0 – 4294967295]
  set dns-cache-ttl [60 – 86400]
  set cache-notfound-responses [enable | disable]
  set source-ip {ipv4-address}
  set server-select-method [least-rtt | failover]
  unset
  show
end
Sample command:
config system dns
  set primary 208.91.112.53
  set secondary 208.91.112.52
  set ip6-primary 2001:4860:4860::8888
  set ip6-secondary 2001:4860:4860::8844
  set timeout 5
  set retry 3
  set dns-cache-limit 5000
  set dns-cache-ttl 1800
  set cache-notfound-responses disable
  set source-ip 0.0.0.0
  set server-select-method least-rtt
end
| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| primary | Primary static DNS server IPv4 address. The default is the FortiGuard primary DNS server IP. | IPv4 address | - | 208.91.112.53 |
| secondary | Secondary static DNS server IPv4 address. The default is the FortiGuard secondary DNS server. | IPv4 address | - | 208.91.112.52 |
| ip6-primary | Primary static DNS server IPv6 address. The default value is empty and will not add to the DNS server pool. | IPv6 address | - | :: |
| ip6-secondary | Secondary static DNS server IPv6 address. The default value is empty and will not add to the DNS server pool. | IPv6 address | - | :: |
| timeout | DNS query timeout interval in seconds. | integer | 1 - 10 | 5 |
| retry | Specify the number of retry attempts allowed for unsuccessful connections. | integer | 0 - 5 | 3 |
| dns-cache-limit | Specify the maximum number of records that can be stored in the DNS cache. | integer | 0 - 4294967295 | 5000 |
| dns-cache-ttl | Duration in seconds that the DNS cache retains information. | integer | 60 - 86400 | 1800 |
| cache-notfound-responses | Specify whether or not to save the not-found response into cache. If enabled, the not-found response does not need to be forwarded to the DNS server in the future. | option | - | disable |
| source-ip | IP address used by the DNS server as its source IP. | IPv4 address | - | 0.0.0.0 |
| server-select-method | Specify how configured servers are prioritized. | option | - | least-rtt |

Options for cache-notfound-responses:

| Option | Description |
|---|---|
| enable | Enable cache-notfound-responses. |
| disable | Disable cache-notfound-responses. |

Options for server-select-method:

| Option | Description |
|---|---|
| least-rtt | In the DNS server selection pool, the round-trip time of each DNS server IP is calculated and sorted from the shortest to the longest, picking from the shortest one. |
| failover | This algorithm uses a relatively fixed order. The first pick doesn't change until it fails the first time. The order is primary DNS > secondary DNS > dynamic DNS (learned from DHCP). |
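
An added example, not part of the Fortinet reference: a small Python linter that checks a saved config system dns block against the types, ranges and options listed in the parameter table, so a misspelled parameter name or an out-of-range value is caught before the block is pasted into the CLI. The function names, the SPEC structure and the sample input are constructed for illustration.

```python
import ipaddress
import re

# Types, ranges and options copied from the parameter table above.
SPEC = {k: ("ipv4", None) for k in ("primary", "secondary", "source-ip")}
SPEC.update({k: ("ipv6", None) for k in ("ip6-primary", "ip6-secondary")})
SPEC.update({
    "timeout": ("int", (1, 10)),
    "retry": ("int", (0, 5)),
    "dns-cache-limit": ("int", (0, 4294967295)),
    "dns-cache-ttl": ("int", (60, 86400)),
    "cache-notfound-responses": ("option", ("enable", "disable")),
    "server-select-method": ("option", ("least-rtt", "failover")),
})

def value_ok(kind, constraint, value):
    if kind == "int":
        ok = value.isascii() and value.isdigit()
        return ok and constraint[0] <= int(value) <= constraint[1]
    if kind == "option":
        return value in constraint
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return addr.version == (4 if kind == "ipv4" else 6)

def lint_dns_block(text):
    """Return (line_number, message) findings for `config system dns`."""
    findings, in_block = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == "config system dns":
            in_block = True
        elif line == "end":
            in_block = False
        elif in_block and (m := re.fullmatch(r"set (\S+) (\S+)", line)):
            key, value = m.group(1), m.group(2).strip('"')
            if key not in SPEC:
                findings.append((n, f"unknown parameter: {key}"))
            elif not value_ok(*SPEC[key], value):
                findings.append((n, f"invalid value for {key}: {value}"))
    return findings

# Constructed input: line 3 is out of range, line 4 misspells the key.
SAMPLE = """config system dns
  set primary 208.91.112.53
  set timeout 15
  set cache-notfound-response disable
end"""
```

Calling lint_dns_block(SAMPLE) returns one finding per offending line; an empty list means every set line matched the documented constraints.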
