Fortinet Document Library

New Features

6.2.0

DNS - Multiple Domain List

DNS settings have been expanded to support a list of up to eight domains. When a client requests a URL that does not include an FQDN, FortiOS resolves the URL by traversing the DNS domain list and performing a query for each domain until the first match is found.

You can configure a DNS domain list using the GUI or the CLI.

CLI options have been added to allow customization of the DNS timeout and retry settings.

To configure a DNS domain list using the GUI:
  1. In FortiOS, go to Network > DNS.
  2. You can click the + button to add multiple domains. Configure up to eight domains as required. In the example below, the DNS domain list is configured to include three domains: sample.com, example.com, and domainname.com.
  3. Configure additional DNS settings as required, then click Apply.

To configure a DNS domain list using the CLI:

The example below shows the CLI commands for setting the primary DNS server IP address to 172.16.200.1 and configuring multiple domains: sample.com, example.com, and domainname.com.

    config system dns
        set primary 172.16.200.1
        set domain "sample.com" "example.com" "domainname.com"
    end

To configure the DNS timeout and retry settings using the CLI:

You may want to customize the DNS timeout and retry settings. For example, if you have eight domains configured, you may want to decrease the DNS timeout value to avoid delays. The following table defines the timeout and retry settings:

CLI option | Description
timeout | DNS query timeout interval in seconds. Enter an integer value between 1 and 10. The default value is 5 seconds.
retry | Number of times to retry the DNS query. Enter an integer value between 0 and 5. The default value is 2 tries.

The example below increases the timeout to 7 seconds and the number of retries to 3:

    config system dns
        set timeout 7
        set retry 3
    end

To confirm the DNS domain list was configured:

Once configuration is complete, you can verify that the DNS domain list was configured as desired.

In the example below, the local DNS server has the entry for host1 mapped to the FQDN of host1.sample.com, while the entry for host2 is mapped to the FQDN of host2.example.com. The example shows pinging host1 and host2 to verify that the domain list was configured as desired.

  1. In Command Prompt, enter ping host1. The system returns the following response:

    PING host1.sample.com (1.1.1.1): 56 data bytes

    Since the request does not include an FQDN, FortiOS traverses the configured DNS domain list to find a match. Because host1 is mapped to host1.sample.com, FortiOS resolves host1 under sample.com, the first entry in the domain list.

  2. Enter ping host2. The system returns the following response:

    PING host2.example.com (2.2.2.2): 56 data bytes

    Again, FortiOS traverses the domain list to find a match. It first queries sample.com, the first entry in the domain list, but does not find a match. It then queries the second entry in the domain list, example.com. Because host2 is mapped to the FQDN host2.example.com, FortiOS resolves host2 under example.com.
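The following added example (not Fortinet code) parses a `config system dns` block, checks it against the limits stated on this page, and models the first-match traversal from the ping walkthrough, returning every name queried along the way. The function names and the RECORDS table are hypothetical; RECORDS stands in for the local DNS server's entries.

```python
# Added illustration: models the lookup order described above; names are hypothetical.
import shlex

# Limits taken from the page: up to eight domains, timeout 1-10 s, retry 0-5.
MAX_DOMAINS, TIMEOUT_RANGE, RETRY_RANGE = 8, range(1, 11), range(0, 6)

def parse_dns_config(text):
    """Parse the 'set' lines of a 'config system dns' block into a dict."""
    cfg = {}
    for line in text.splitlines():
        tokens = shlex.split(line)          # handles the quoted domain names
        if len(tokens) >= 3 and tokens[0] == "set":
            key, values = tokens[1], tokens[2:]
            cfg[key] = values if key == "domain" else values[0]
    return cfg

def validate(cfg):
    """Return a list of settings that fall outside the documented limits."""
    problems = []
    if len(cfg.get("domain", [])) > MAX_DOMAINS:
        problems.append("more than eight domains")
    if "timeout" in cfg and int(cfg["timeout"]) not in TIMEOUT_RANGE:
        problems.append("timeout outside 1-10")
    if "retry" in cfg and int(cfg["retry"]) not in RETRY_RANGE:
        problems.append("retry outside 0-5")
    return problems

def resolve(name, domains, records):
    """Try name.<domain> in list order; return (fqdn, address, queries tried)."""
    tried = []
    for domain in domains:
        fqdn = f"{name}.{domain}"
        tried.append(fqdn)
        if fqdn in records:                  # first match wins, traversal stops
            return fqdn, records[fqdn], tried
    return None, None, tried

# Constructed sample data mirroring the page's example.
CONFIG = '''
config system dns
    set primary 172.16.200.1
    set domain "sample.com" "example.com" "domainname.com"
    set timeout 7
    set retry 3
end
'''
RECORDS = {"host1.sample.com": "1.1.1.1", "host2.example.com": "2.2.2.2"}

if __name__ == "__main__":
    cfg = parse_dns_config(CONFIG)
    print(validate(cfg), [resolve(h, cfg["domain"], RECORDS) for h in ("host1", "host2", "host3")])
```

The `tried` list makes the order dependence visible: an unqualified name is queried under every earlier domain before a later one is reached, so a name that exists under more than one listed domain always resolves to the earliest entry.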
