DNS - Multiple Domain List
DNS settings have been expanded to support a list of up to eight domains. When a client requests a URL that does not include a FQDN, FortiOS resolves the URL by traversing through the DNS domain list and performing a query for each domain until the first match is found.
You can configure a DNS domain list using the GUI or the CLI.
CLI options have been added to allow customization of the DNS
To configure a DNS domain list using the GUI:
- In FortiOS, go to Network > DNS.
- You can click the + button to add multiple domains. Configure up to eight domains as required. In the example below, the DNS domain list is configured to include three domains: sample.com, example.com, and domainname.com.
- Configure additional DNS settings as required, then click Apply.
To configure a DNS domain list using the CLI:
The example below shows the CLI commands for setting the primary DNS server IP address to 172.16.200.1 and configuring multiple domains: sample.com, example.com, and domainname.com.
config system dns
set primary 172.16.200.1
set domain "sample.com" "example.com" "domainname.com"
To configure the DNS timeout and retry settings using the CLI:
You may want to customize the DNS timeout and retry settings. For example, if you have eight domains configured, you may want to decrease the DNS timeout value to avoid delays. The following table defines the timeout and retry settings:
DNS query timeout interval in seconds. Enter an integer value between 1 and 10. The default value is 5 seconds.
Number of times to retry the DNS query. Enter an integer value between 0 and 5. The default value is 2 tries.
The example below increases the timeout to 7 seconds and the number of retries to 3:
config system dns
set timeout 7
set retry 3
To confirm the DNS domain list was configured:
Once configuration is complete, you can verify that the DNS domain list was configured as desired.
In the example below, the local DNS server has the entry for host1 mapped to the FQDN of host1.sample.com, while the entry for host2 is mapped to the FQDN of host2.example.com. The example shows pinging host1 and host2 to verify that the domain list was configured as desired.
- In Command Prompt, enter
ping host1. The system returns the following response:
PING host1.sample.com (184.108.40.206): 56 data bytes
Since the request does not include a FQDN, FortiOS traverses the configured DNS domain list to find a match. Since host1 is mapped to the host1.sample.com, FortiOS resolves host1 to sample.com, the first entry in the domain list.
ping host2. The system returns the following response:
PING host2.example.com (220.127.116.11): 56 data bytes
Again, FortiOS traverses the domain list to find a match. It first queries sample.com, the first entry in the domain list, but does not find a match. It then queries the second entry in the domain list, example.com. Since host2 is mapped to the FQDN of host2.example.com, FortiOS resolves host2 to example.com.