Fortinet Document Library

CLI Reference

config system dns

Configure DNS.

config system dns
    Description: Configure DNS.
    set primary {ipv4-address}
    set secondary {ipv4-address}
    set protocol {option1}, {option2}, ...
    set ssl-certificate {string}
    set server-hostname <hostname1>, <hostname2>, ...
    set domain <domain1>, <domain2>, ...
    set ip6-primary {ipv6-address}
    set ip6-secondary {ipv6-address}
    set timeout {integer}
    set retry {integer}
    set dns-cache-limit {integer}
    set dns-cache-ttl {integer}
    set cache-notfound-responses [disable|enable]
    set source-ip {ipv4-address}
    set interface-select-method [auto|sdwan|...]
    set interface {string}
end

config system dns

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| primary | Primary DNS server IP address. | ipv4-address | Not Specified | 0.0.0.0 |
| secondary | Secondary DNS server IP address. | ipv4-address | Not Specified | 0.0.0.0 |
| protocol | DNS protocols. Options: cleartext (Cleartext DNS over port 53.), dot (DNS over TLS.), doh (DNS over HTTPS.) | option | - | cleartext |
| ssl-certificate | Name of local certificate for SSL connections. | string | Maximum length: 35 | Fortinet_Factory |
| server-hostname <hostname> | DNS server host name list. DNS server host name list separated by space (maximum 4 domains). | string | Maximum length: 127 | |
| domain <domain> | Search suffix list for hostname lookup. DNS search domain list separated by space (maximum 8 domains). | string | Maximum length: 127 | |
| ip6-primary | Primary DNS server IPv6 address. | ipv6-address | Not Specified | :: |
| ip6-secondary | Secondary DNS server IPv6 address. | ipv6-address | Not Specified | :: |
| timeout | DNS query timeout interval in seconds. | integer | Minimum value: 1 Maximum value: 10 | 5 |
| retry | Number of times to retry. | integer | Minimum value: 0 Maximum value: 5 | 2 |
| dns-cache-limit | Maximum number of records in the DNS cache. | integer | Minimum value: 0 Maximum value: 4294967295 | 5000 |
| dns-cache-ttl | Duration in seconds that the DNS cache retains information. | integer | Minimum value: 60 Maximum value: 86400 | 1800 |
| cache-notfound-responses | Enable/disable response from the DNS server when a record is not in cache. Options: disable (Disable cache NOTFOUND responses from DNS server.), enable (Enable cache NOTFOUND responses from DNS server.) | option | - | disable |
| source-ip | IP address used by the DNS server as its source IP. | ipv4-address | Not Specified | 0.0.0.0 |
| interface-select-method | Specify how to select outgoing interface to reach server. Options: auto (Set outgoing interface automatically.), sdwan (Set outgoing interface by SD-WAN or policy routing rules.), specify (Set outgoing interface manually.) | option | - | auto |
| interface | Specify outgoing interface to reach server. | string | Maximum length: 15 | |
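
The limits and options in the table above can be checked offline against an exported config system dns block. The following is an added example, not Fortinet code; the function names, the sample configuration and the rule that dot/doh should be paired with server-hostname are assumptions of the example.

```python
import re

# Limits copied from the parameter table above: (minimum, maximum, default).
INT_LIMITS = {"timeout": (1, 10, 5), "retry": (0, 5, 2),
              "dns-cache-limit": (0, 4294967295, 5000),
              "dns-cache-ttl": (60, 86400, 1800)}
LIST_LIMITS = {"server-hostname": (4, 127), "domain": (8, 127)}  # (max items, max length)
PROTOCOLS = {"cleartext", "dot", "doh"}

# Constructed sample input, not taken from a real device.
SAMPLE = """config system dns
    set protocol cleartext dot
    set timeout 15
    set dns-cache-ttl 30
end"""

def parse_dns_block(text):
    """Return {parameter: [values]}; list values may be space- or comma-separated."""
    settings, inside = {}, False
    for line in map(str.strip, text.splitlines()):
        if line == "config system dns":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("set "):
            _, key, *values = re.findall(r'"[^"]*"|\S+', line)
            settings[key] = [v.strip('",') for v in values]
    return settings

def audit_dns(text):
    """Return a sorted list of findings for one `config system dns` block."""
    cfg, findings = parse_dns_block(text), []
    protocols = set(cfg.get("protocol", ["cleartext"]))  # default per the table
    for unknown in sorted(protocols - PROTOCOLS):
        findings.append(f"protocol: unknown option {unknown}")
    if "cleartext" in protocols:
        findings.append("protocol: cleartext DNS over port 53 is enabled")
    # Policy chosen for this example, not a rule stated in the table.
    if protocols & {"dot", "doh"} and not cfg.get("server-hostname"):
        findings.append("server-hostname: not set although dot/doh is enabled")
    for key, (low, high, default) in INT_LIMITS.items():
        value = int(cfg.get(key, [default])[0])
        if not low <= value <= high:
            findings.append(f"{key}: {value} outside {low}-{high}")
    for key, (max_items, max_len) in LIST_LIMITS.items():
        items = cfg.get(key, [])
        if len(items) > max_items or any(len(i) > max_len for i in items):
            findings.append(f"{key}: over {max_items} entries or {max_len} characters")
    return sorted(findings)
```

Calling audit_dns(SAMPLE) returns four findings; a block that sets only protocol dot and a server-hostname returns an empty list.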
