Fortinet black logo

CLI Reference

config system vdom-dns

config system vdom-dns

Configure DNS servers for a non-management VDOM.

config system vdom-dns

Description: Configure DNS servers for a non-management VDOM.

set vdom-dns [enable|disable]

set primary {ipv4-address}

set secondary {ipv4-address}

set dns-over-tls [disable|enable|...]

set ssl-certificate {string}

set server-hostname <hostname1>, <hostname2>, ...

set ip6-primary {ipv6-address}

set ip6-secondary {ipv6-address}

set source-ip {ipv4-address}

set interface-select-method [auto|sdwan|...]

set interface {string}

end

config system vdom-dns

Parameter

Description

Type

Size

vdom-dns

Enable/disable configuring DNS servers for the current VDOM.

option

-

Option

Description

enable

Enable configuring DNS servers for the current VDOM.

disable

Disable configuring DNS servers for the current VDOM.

primary

Primary DNS server IP address for the VDOM.

ipv4-address

Not Specified

secondary

Secondary DNS server IP address for the VDOM.

ipv4-address

Not Specified

dns-over-tls

Enable/disable/enforce DNS over TLS.

option

-

Option

Description

disable

Disable DNS over TLS.

enable

Use TLS for DNS queries if TLS is available.

enforce

Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.

ssl-certificate

Name of local certificate for SSL connections.

string

Maximum length: 35

server-hostname <hostname>

DNS server host name list.

DNS server host name list separated by space (maximum 4 domains).

string

Maximum length: 127

ip6-primary

Primary IPv6 DNS server IP address for the VDOM.

ipv6-address

Not Specified

ip6-secondary

Secondary IPv6 DNS server IP address for the VDOM.

ipv6-address

Not Specified

source-ip

Source IP for communications with the DNS server.

ipv4-address

Not Specified

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

config system vdom-dns

Configure DNS servers for a non-management VDOM.

config system vdom-dns

Description: Configure DNS servers for a non-management VDOM.

set vdom-dns [enable|disable]

set primary {ipv4-address}

set secondary {ipv4-address}

set dns-over-tls [disable|enable|...]

set ssl-certificate {string}

set server-hostname <hostname1>, <hostname2>, ...

set ip6-primary {ipv6-address}

set ip6-secondary {ipv6-address}

set source-ip {ipv4-address}

set interface-select-method [auto|sdwan|...]

set interface {string}

end

config system vdom-dns

Parameter

Description

Type

Size

vdom-dns

Enable/disable configuring DNS servers for the current VDOM.

option

-

Option

Description

enable

Enable configuring DNS servers for the current VDOM.

disable

Disable configuring DNS servers for the current VDOM.

primary

Primary DNS server IP address for the VDOM.

ipv4-address

Not Specified

secondary

Secondary DNS server IP address for the VDOM.

ipv4-address

Not Specified

dns-over-tls

Enable/disable/enforce DNS over TLS.

option

-

Option

Description

disable

Disable DNS over TLS.

enable

Use TLS for DNS queries if TLS is available.

enforce

Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.

ssl-certificate

Name of local certificate for SSL connections.

string

Maximum length: 35

server-hostname <hostname>

DNS server host name list.

DNS server host name list separated by space (maximum 4 domains).

string

Maximum length: 127

ip6-primary

Primary IPv6 DNS server IP address for the VDOM.

ipv6-address

Not Specified

ip6-secondary

Secondary IPv6 DNS server IP address for the VDOM.

ipv6-address

Not Specified

source-ip

Source IP for communications with the DNS server.

ipv4-address

Not Specified

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15