CLI Reference

config system vdom-dns

Configure DNS servers for a non-management VDOM.

config system vdom-dns
    Description: Configure DNS servers for a non-management VDOM.
    set alt-primary {ipv4-address}
    set alt-secondary {ipv4-address}
    set interface {string}
    set interface-select-method [auto|sdwan|...]
    set ip6-primary {ipv6-address}
    set ip6-secondary {ipv6-address}
    set primary {ipv4-address}
    set protocol {option1}, {option2}, ...
    set secondary {ipv4-address}
    set server-hostname <hostname1>, <hostname2>, ...
    set server-select-method [least-rtt|failover]
    set source-ip {ipv4-address}
    set ssl-certificate {string}
    set vdom-dns [enable|disable]
end

config system vdom-dns

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| alt-primary | Alternate primary DNS server. This is not used as a failover DNS server. | ipv4-address | Not Specified | 0.0.0.0 |
| alt-secondary | Alternate secondary DNS server. This is not used as a failover DNS server. | ipv4-address | Not Specified | 0.0.0.0 |
| interface | Specify outgoing interface to reach server. | string | Maximum length: 15 | |
| interface-select-method | Specify how to select outgoing interface to reach server. | option | - | auto |
| ip6-primary | Primary IPv6 DNS server IP address for the VDOM. | ipv6-address | Not Specified | :: |
| ip6-secondary | Secondary IPv6 DNS server IP address for the VDOM. | ipv6-address | Not Specified | :: |
| primary | Primary DNS server IP address for the VDOM. | ipv4-address | Not Specified | 0.0.0.0 |
| protocol | DNS transport protocols. | option | - | cleartext |
| secondary | Secondary DNS server IP address for the VDOM. | ipv4-address | Not Specified | 0.0.0.0 |
| server-hostname <hostname> | DNS server host name list. DNS server host name list separated by space (maximum 4 domains). | string | Maximum length: 127 | |
| server-select-method | Specify how configured servers are prioritized. | option | - | least-rtt |
| source-ip | Source IP for communications with the DNS server. | ipv4-address | Not Specified | 0.0.0.0 |
| ssl-certificate | Name of local certificate for SSL connections. | string | Maximum length: 35 | Fortinet_Factory |
| vdom-dns | Enable/disable configuring DNS servers for the current VDOM. | option | - | disable |

interface-select-method options

| Option | Description |
|---|---|
| auto | Set outgoing interface automatically. |
| sdwan | Set outgoing interface by SD-WAN or policy routing rules. |
| specify | Set outgoing interface manually. |

protocol options

| Option | Description |
|---|---|
| cleartext | DNS over UDP/53, DNS over TCP/53. |
| dot | DNS over TLS/853. |
| doh | DNS over HTTPS/443. |

server-select-method options

| Option | Description |
|---|---|
| least-rtt | Select servers based on least round trip time. |
| failover | Select servers based on the order they are configured. |

vdom-dns options

| Option | Description |
|---|---|
| enable | Enable configuring DNS servers for the current VDOM. |
| disable | Disable configuring DNS servers for the current VDOM. |
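
An added example, not part of the Fortinet reference: a Python audit that reads a `config system vdom-dns` block, fills unset parameters with the defaults from the table above, and flags DNS that still leaves the VDOM in cleartext. The review policy, the function names and the sample configurations are assumptions made for illustration, as is the premise that the input lists only non-default settings.

```python
import shlex

# Defaults from the parameter table on this page. The input is assumed to list
# only non-default settings, so a missing `set` line means the default applies.
DEFAULTS = {"vdom-dns": "disable", "protocol": "cleartext", "server-hostname": ""}

def parse_vdom_dns(text):
    """Return the effective settings of the first `config system vdom-dns` block."""
    settings, inside = dict(DEFAULTS), False
    for raw in text.splitlines():
        tokens = shlex.split(raw)          # strips the quotes around string values
        if tokens[:3] == ["config", "system", "vdom-dns"]:
            inside = True
        elif inside and tokens[:1] == ["end"]:
            break
        elif inside and len(tokens) >= 3 and tokens[0] == "set":
            settings[tokens[1]] = " ".join(tokens[2:])
    return settings

def audit(settings):
    """Apply a hypothetical review policy (an assumption, not a Fortinet rule set)."""
    if settings["vdom-dns"] != "enable":
        return ["vdom-dns is disabled: this block does not configure DNS servers for the VDOM"]
    findings, protocols = [], set(settings["protocol"].split())
    if "cleartext" in protocols:
        findings.append("cleartext enabled: DNS over UDP/53 and TCP/53 is unencrypted")
    if protocols & {"dot", "doh"} and not settings["server-hostname"]:
        findings.append("dot/doh selected but server-hostname is empty")
    return findings

# Constructed sample configurations; 192.0.2.53 and dns.example.net are placeholders.
WEAK = """config system vdom-dns
    set vdom-dns enable
    set primary 192.0.2.53
end"""

HARDENED = """config system vdom-dns
    set vdom-dns enable
    set primary 192.0.2.53
    set protocol dot
    set server-hostname "dns.example.net"
end"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(parse_vdom_dns(cfg)))
```

The weak sample never mentions `protocol`, yet it is flagged: with the documented default of `cleartext`, the absence of the line is the finding.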
