Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config system dns

Configure DNS.

config system dns

Description: Configure DNS.

set primary {ipv4-address}

set secondary {ipv4-address}

set dns-over-tls [disable|enable|...]

set ssl-certificate {string}

set server-hostname <hostname1>, <hostname2>, ...

set domain <domain1>, <domain2>, ...

set ip6-primary {ipv6-address}

set ip6-secondary {ipv6-address}

set timeout {integer}

set retry {integer}

set dns-cache-limit {integer}

set dns-cache-ttl {integer}

set cache-notfound-responses [disable|enable]

set source-ip {ipv4-address}

set interface-select-method [auto|sdwan|...]

set interface {string}

end

config system dns

Parameter name

Description

Type

Size

primary

Primary DNS server IP address.

ipv4-address

Not Specified

secondary

Secondary DNS server IP address.

ipv4-address

Not Specified

dns-over-tls

Enable/disable/enforce DNS over TLS.

option

-

 

Option

Description

disable

Disable DNS over TLS.

enable

Use TLS for DNS queries if TLS is available.

enforce

Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.

ssl-certificate

Name of local certificate for SSL connections.

string

Maximum length: 35

server-hostname <hostname>

DNS server host name list.

DNS server host name list separated by space (maximum 4 domains).

string

Maximum length: 127

domain <domain>

Search suffix list for hostname lookup.

DNS search domain list separated by space (maximum 8 domains).

string

Maximum length: 127

ip6-primary

Primary DNS server IPv6 address.

ipv6-address

Not Specified

ip6-secondary

Secondary DNS server IPv6 address.

ipv6-address

Not Specified

timeout

DNS query timeout interval in seconds (1 - 10).

integer

Minimum value: 1 Maximum value: 10

retry

Number of times to retry (0 - 5).

integer

Minimum value: 0 Maximum value: 5

dns-cache-limit

Maximum number of records in the DNS cache.

integer

Minimum value: 0 Maximum value: 4294967295

dns-cache-ttl

Duration in seconds that the DNS cache retains information.

integer

Minimum value: 60 Maximum value: 86400

cache-notfound-responses

Enable/disable response from the DNS server when a record is not in cache.

option

-

 

Option

Description

disable

Disable cache NOTFOUND responses from DNS server.

enable

Enable cache NOTFOUND responses from DNS server.

source-ip

IP address used by the DNS server as its source IP.

ipv4-address

Not Specified

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

config system dns

Configure DNS.

config system dns

Description: Configure DNS.

set primary {ipv4-address}

set secondary {ipv4-address}

set dns-over-tls [disable|enable|...]

set ssl-certificate {string}

set server-hostname <hostname1>, <hostname2>, ...

set domain <domain1>, <domain2>, ...

set ip6-primary {ipv6-address}

set ip6-secondary {ipv6-address}

set timeout {integer}

set retry {integer}

set dns-cache-limit {integer}

set dns-cache-ttl {integer}

set cache-notfound-responses [disable|enable]

set source-ip {ipv4-address}

set interface-select-method [auto|sdwan|...]

set interface {string}

end

config system dns

Parameter name

Description

Type

Size

primary

Primary DNS server IP address.

ipv4-address

Not Specified

secondary

Secondary DNS server IP address.

ipv4-address

Not Specified

dns-over-tls

Enable/disable/enforce DNS over TLS.

option

-

 

Option

Description

disable

Disable DNS over TLS.

enable

Use TLS for DNS queries if TLS is available.

enforce

Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.

ssl-certificate

Name of local certificate for SSL connections.

string

Maximum length: 35

server-hostname <hostname>

DNS server host name list.

DNS server host name list separated by space (maximum 4 domains).

string

Maximum length: 127

domain <domain>

Search suffix list for hostname lookup.

DNS search domain list separated by space (maximum 8 domains).

string

Maximum length: 127

ip6-primary

Primary DNS server IPv6 address.

ipv6-address

Not Specified

ip6-secondary

Secondary DNS server IPv6 address.

ipv6-address

Not Specified

timeout

DNS query timeout interval in seconds (1 - 10).

integer

Minimum value: 1 Maximum value: 10

retry

Number of times to retry (0 - 5).

integer

Minimum value: 0 Maximum value: 5

dns-cache-limit

Maximum number of records in the DNS cache.

integer

Minimum value: 0 Maximum value: 4294967295

dns-cache-ttl

Duration in seconds that the DNS cache retains information.

integer

Minimum value: 60 Maximum value: 86400

cache-notfound-responses

Enable/disable response from the DNS server when a record is not in cache.

option

-

 

Option

Description

disable

Disable cache NOTFOUND responses from DNS server.

enable

Enable cache NOTFOUND responses from DNS server.

source-ip

IP address used by the DNS server as its source IP.

ipv4-address

Not Specified

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15