Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config system dns

Configure DNS.

config system dns

Description: Configure DNS.

set primary {ipv4-address}

set secondary {ipv4-address}

set dns-over-tls [disable|enable|...]

set ssl-certificate {string}

set server-hostname <hostname1>, <hostname2>, ...

set domain <domain1>, <domain2>, ...

set ip6-primary {ipv6-address}

set ip6-secondary {ipv6-address}

set timeout {integer}

set retry {integer}

set dns-cache-limit {integer}

set dns-cache-ttl {integer}

set cache-notfound-responses [disable|enable]

set source-ip {ipv4-address}

set interface-select-method [auto|sdwan|...]

set interface {string}

end

config system dns

Parameter

Description

Type

Size

Default

primary

Primary DNS server IP address.

ipv4-address

Not Specified

0.0.0.0

secondary

Secondary DNS server IP address.

ipv4-address

Not Specified

0.0.0.0

dns-over-tls

Enable/disable/enforce DNS over TLS.

option

-

disable

 

Option

Description

disable

Disable DNS over TLS.

enable

Use TLS for DNS queries if TLS is available.

enforce

Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.

ssl-certificate

Name of local certificate for SSL connections.

string

Maximum length: 35

Fortinet_Factory

server-hostname <hostname>

DNS server host name list.

DNS server host name list separated by space (maximum 4 domains).

string

Maximum length: 127

domain <domain>

Search suffix list for hostname lookup.

DNS search domain list separated by space (maximum 8 domains).

string

Maximum length: 127

ip6-primary

Primary DNS server IPv6 address.

ipv6-address

Not Specified

::

ip6-secondary

Secondary DNS server IPv6 address.

ipv6-address

Not Specified

::

timeout

DNS query timeout interval in seconds .

integer

Minimum value: 1 Maximum value: 10

5

retry

Number of times to retry .

integer

Minimum value: 0 Maximum value: 5

2

dns-cache-limit

Maximum number of records in the DNS cache.

integer

Minimum value: 0 Maximum value: 4294967295

5000

dns-cache-ttl

Duration in seconds that the DNS cache retains information.

integer

Minimum value: 60 Maximum value: 86400

1800

cache-notfound-responses

Enable/disable response from the DNS server when a record is not in cache.

option

-

disable

 

Option

Description

disable

Disable cache NOTFOUND responses from DNS server.

enable

Enable cache NOTFOUND responses from DNS server.

source-ip

IP address used by the DNS server as its source IP.

ipv4-address

Not Specified

0.0.0.0

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

config system dns

Configure DNS.

config system dns

Description: Configure DNS.

set primary {ipv4-address}

set secondary {ipv4-address}

set dns-over-tls [disable|enable|...]

set ssl-certificate {string}

set server-hostname <hostname1>, <hostname2>, ...

set domain <domain1>, <domain2>, ...

set ip6-primary {ipv6-address}

set ip6-secondary {ipv6-address}

set timeout {integer}

set retry {integer}

set dns-cache-limit {integer}

set dns-cache-ttl {integer}

set cache-notfound-responses [disable|enable]

set source-ip {ipv4-address}

set interface-select-method [auto|sdwan|...]

set interface {string}

end

config system dns

Parameter

Description

Type

Size

Default

primary

Primary DNS server IP address.

ipv4-address

Not Specified

0.0.0.0

secondary

Secondary DNS server IP address.

ipv4-address

Not Specified

0.0.0.0

dns-over-tls

Enable/disable/enforce DNS over TLS.

option

-

disable

 

Option

Description

disable

Disable DNS over TLS.

enable

Use TLS for DNS queries if TLS is available.

enforce

Use only TLS for DNS queries. Does not fall back to unencrypted DNS queries if TLS is unavailable.

ssl-certificate

Name of local certificate for SSL connections.

string

Maximum length: 35

Fortinet_Factory

server-hostname <hostname>

DNS server host name list.

DNS server host name list separated by space (maximum 4 domains).

string

Maximum length: 127

domain <domain>

Search suffix list for hostname lookup.

DNS search domain list separated by space (maximum 8 domains).

string

Maximum length: 127

ip6-primary

Primary DNS server IPv6 address.

ipv6-address

Not Specified

::

ip6-secondary

Secondary DNS server IPv6 address.

ipv6-address

Not Specified

::

timeout

DNS query timeout interval in seconds .

integer

Minimum value: 1 Maximum value: 10

5

retry

Number of times to retry .

integer

Minimum value: 0 Maximum value: 5

2

dns-cache-limit

Maximum number of records in the DNS cache.

integer

Minimum value: 0 Maximum value: 4294967295

5000

dns-cache-ttl

Duration in seconds that the DNS cache retains information.

integer

Minimum value: 60 Maximum value: 86400

1800

cache-notfound-responses

Enable/disable response from the DNS server when a record is not in cache.

option

-

disable

 

Option

Description

disable

Disable cache NOTFOUND responses from DNS server.

enable

Enable cache NOTFOUND responses from DNS server.

source-ip

IP address used by the DNS server as its source IP.

ipv4-address

Not Specified

0.0.0.0

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15