Fortinet black logo

CLI Reference

Home FortiGate / FortiOS 6.4.11 CLI Reference

config system vdom-dns

6.4.11
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.0.0
5.6.0
5.4.0
5.2.0
5.0.0
Copy Link
Copy Doc ID a21b6ae8-5a0a-11ed-96f0-fa163e15d75b:32620
Download PDF

config system vdom-dns

Configure DNS servers for a non-management VDOM.

config system vdom-dns
    Description: Configure DNS servers for a non-management VDOM.
    set dns-over-tls [disable|enable|...]
    set interface {string}
    set interface-select-method [auto|sdwan|...]
    set ip6-primary {ipv6-address}
    set ip6-secondary {ipv6-address}
    set primary {ipv4-address}
    set secondary {ipv4-address}
    set server-hostname <hostname1>, <hostname2>, ...
    set source-ip {ipv4-address}
    set ssl-certificate {string}
    set vdom-dns [enable|disable]
end

config system vdom-dns

Parameter

Description

Type

Size

Default

dns-over-tls

Enable/disable/enforce DNS over TLS.

option

-

disable

Option

Description

disable

Disable DNS over TLS.

enable

Use TLS for DNS queries if TLS is available.

enforce

Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.

interface

Specify outgoing interface to reach server.

string

Not Specified

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

ip6-primary

Primary IPv6 DNS server IP address for the VDOM.

ipv6-address

Not Specified

::

ip6-secondary

Secondary IPv6 DNS server IP address for the VDOM.

ipv6-address

Not Specified

::

primary

Primary DNS server IP address for the VDOM.

ipv4-address

Not Specified

0.0.0.0

secondary

Secondary DNS server IP address for the VDOM.

ipv4-address

Not Specified

0.0.0.0

server-hostname <hostname>

DNS server host name list.

DNS server host name list separated by space (maximum 4 domains).

string

Maximum length: 127

source-ip

Source IP for communications with the DNS server.

ipv4-address

Not Specified

0.0.0.0

ssl-certificate

Name of local certificate for SSL connections.

string

Not Specified

Fortinet_Factory

vdom-dns

Enable/disable configuring DNS servers for the current VDOM.

option

-

disable

Option

Description

enable

Enable configuring DNS servers for the current VDOM.

disable

Disable configuring DNS servers for the current VDOM.
Previous
Next

config system vdom-dns

Configure DNS servers for a non-management VDOM.

config system vdom-dns
    Description: Configure DNS servers for a non-management VDOM.
    set dns-over-tls [disable|enable|...]
    set interface {string}
    set interface-select-method [auto|sdwan|...]
    set ip6-primary {ipv6-address}
    set ip6-secondary {ipv6-address}
    set primary {ipv4-address}
    set secondary {ipv4-address}
    set server-hostname <hostname1>, <hostname2>, ...
    set source-ip {ipv4-address}
    set ssl-certificate {string}
    set vdom-dns [enable|disable]
end

config system vdom-dns

Parameter

Description

Type

Size

Default

dns-over-tls

Enable/disable/enforce DNS over TLS.

option

-

disable

Option

Description

disable

Disable DNS over TLS.

enable

Use TLS for DNS queries if TLS is available.

enforce

Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.

interface

Specify outgoing interface to reach server.

string

Not Specified

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

ip6-primary

Primary IPv6 DNS server IP address for the VDOM.

ipv6-address

Not Specified

::

ip6-secondary

Secondary IPv6 DNS server IP address for the VDOM.

ipv6-address

Not Specified

::

primary

Primary DNS server IP address for the VDOM.

ipv4-address

Not Specified

0.0.0.0

secondary

Secondary DNS server IP address for the VDOM.

ipv4-address

Not Specified

0.0.0.0

server-hostname <hostname>

DNS server host name list.

DNS server host name list separated by space (maximum 4 domains).

string

Maximum length: 127

source-ip

Source IP for communications with the DNS server.

ipv4-address

Not Specified

0.0.0.0

ssl-certificate

Name of local certificate for SSL connections.

string

Not Specified

Fortinet_Factory

vdom-dns

Enable/disable configuring DNS servers for the current VDOM.

option

-

disable

Option

Description

enable

Enable configuring DNS servers for the current VDOM.

disable

Disable configuring DNS servers for the current VDOM.
Previous
Next