DNS domain list
You can configure up to eight domains in the DNS settings using the GUI or the CLI.
When a FortiGate requests a URL that does not include an FQDN, FortiOS resolves the URL by traversing through the DNS domain list and performing a query for each domain until the first match is found.
By default, FortiGates use FortiGuard's DNS servers:
- Primary: 96.45.45.45
- Secondary: 96.45.46.46
You can also customize the DNS timeout time and the number of retry attempts.
To configure a DNS domain list in the GUI:
- Go to Network > DNS.
- Set DNS Servers to Specify.
- Configure the primary and secondary DNS servers as needed.
- In the Local Domain Name field, enter the first domain (sample.com in this example).
- Click the + to add more domains (example.com and domainname.com in this example). You can enter up to eight domains.
- Configure additional DNS protocol and IPv6 settings as needed.
- Click Apply.
To configure a DNS domain list in the CLI:
config system dns
    set primary 96.45.45.45
    set secondary 96.45.46.46
    set domain "sample.com" "example.com" "domainname.com"
end
Verify the DNS configuration
In the following example, the local DNS server maps host1 to the FQDN host1.sample.com and host2 to the FQDN host2.example.com.
To verify that the DNS domain list is configured:
- Open the FortiGate CLI.
- Enter execute ping host1. The system returns the following response:
  PING host1.sample.com (1.1.1.1): 56 data bytes
  As the request does not include an FQDN, FortiOS traverses the configured DNS domain list to find a match. Because host1 is mapped to host1.sample.com, FortiOS resolves host1 using sample.com, the first entry in the domain list.
- Enter execute ping host2. The system returns the following response:
  PING host2.example.com (2.2.2.2): 56 data bytes
  FortiOS traverses the domain list to find a match. It first queries sample.com, the first entry in the domain list, but does not find a match. It then queries the second entry in the domain list, example.com. Because host2 is mapped to the FQDN host2.example.com, FortiOS resolves host2 using example.com.
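The traversal shown in the two ping checks, as an added example that is not part of the FortiOS documentation or the product's code: a Python simulation that appends each configured domain in order and stops at the first query that answers. The zone data, the addresses and the unresolvable-name message are constructed to mirror the page's example; the rule that a name already containing a dot is queried as-is is this simulation's assumption, not something the page states.

```python
# Added example, not FortiOS code: a simulation of how an unqualified name is
# resolved by walking the DNS domain list until the first query that answers.
from typing import Dict, List, Optional, Tuple

# Constructed zone data mirroring the page's example: host1 exists only in
# sample.com and host2 only in example.com; addresses are the page's placeholders.
LOCAL_DNS: Dict[str, str] = {
    "host1.sample.com": "1.1.1.1",
    "host2.example.com": "2.2.2.2",
}

# The domain list in the order it was configured with "set domain".
DOMAIN_LIST: List[str] = ["sample.com", "example.com", "domainname.com"]

MAX_DOMAINS = 8  # FortiOS accepts up to eight domains in the list


def query(fqdn: str, zone: Dict[str, str] = LOCAL_DNS) -> Optional[str]:
    """Stand-in for one DNS query against the local server (assumption: a
    missing name yields None rather than raising)."""
    return zone.get(fqdn.rstrip("."))


def resolve(name: str, domain_list: List[str] = DOMAIN_LIST,
            zone: Dict[str, str] = LOCAL_DNS
            ) -> Tuple[Optional[str], Optional[str], List[str]]:
    """Return (fqdn, address, queries_sent) for `name`.

    A name that already contains a dot, or ends in one, is treated as
    qualified and queried as-is (this simulation's assumption). Otherwise each
    list entry is appended in order and the first answer wins, which is why
    the order of the list decides which host a short name reaches.
    """
    if len(domain_list) > MAX_DOMAINS:
        raise ValueError("the DNS domain list holds at most eight domains")
    sent: List[str] = []
    if name.endswith(".") or "." in name:
        sent.append(name)
        return name, query(name, zone), sent
    for domain in domain_list:
        fqdn = f"{name}.{domain}"
        sent.append(fqdn)
        addr = query(fqdn, zone)
        if addr is not None:
            return fqdn, addr, sent
    return None, None, sent


def ping_banner(name: str) -> str:
    """Render the first line 'execute ping' prints once the name resolves."""
    fqdn, addr, _ = resolve(name)
    if addr is None:
        return f"unresolved: {name}"  # constructed message, not FortiOS output
    return f"PING {fqdn} ({addr}): 56 data bytes"


if __name__ == "__main__":
    for host in ("host1", "host2", "host3"):
        print(host, "->", resolve(host)[2], "|", ping_banner(host))
```

Running the block prints the queries sent for each name: host1 costs one query, host2 two, and a name that exists in none of the domains is tried against every entry before failing, which is the case the timeout and retry settings below govern.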
DNS timeout and retry settings
The DNS timeout and retry settings can be customized using the CLI.
config system dns
    set timeout <integer>
    set retry <integer>
end

timeout <integer> | The DNS query timeout interval, in seconds (1 - 10, default = 5).
retry <integer> | The number of times to retry the DNS query (0 - 5, default = 2).
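What the timeout and retry values cost when a query gets no answer, as an added example that is not FortiOS code: a Python model that validates both settings against the ranges given in the table, replays a query against a constructed server that drops the first few requests, and computes the longest stall an unresolvable short name can cause across a full domain list. The model assumes that retry counts re-sends after the first attempt and that every unanswered attempt costs the full timeout; the page states neither, so treat the figures as an upper bound rather than measured FortiOS behaviour.

```python
# Added example, not FortiOS code: models what "set timeout" and "set retry"
# under "config system dns" cost when a query gets no answer, and checks the
# values against the ranges the documentation gives.
from typing import Callable, Optional, Tuple

TIMEOUT_RANGE = (1, 10)  # seconds, per the documentation table
RETRY_RANGE = (0, 5)     # extra attempts, per the documentation table
DEFAULT_TIMEOUT = 5
DEFAULT_RETRY = 2
MAX_DOMAINS = 8          # the DNS domain list holds up to eight entries


def validate_dns_settings(timeout: int = DEFAULT_TIMEOUT,
                          retry: int = DEFAULT_RETRY) -> Tuple[int, int]:
    """Reject values outside the documented ranges before they are pushed."""
    lo, hi = TIMEOUT_RANGE
    if not isinstance(timeout, int) or not lo <= timeout <= hi:
        raise ValueError(f"timeout must be an integer in {lo}-{hi} seconds")
    lo, hi = RETRY_RANGE
    if not isinstance(retry, int) or not lo <= retry <= hi:
        raise ValueError(f"retry must be an integer in {lo}-{hi}")
    return timeout, retry


def make_flaky_server(failures: int, answer: str) -> Callable[[], Optional[str]]:
    """Constructed stand-in for a DNS server that drops the first `failures`
    queries and answers every query after that."""
    state = {"dropped": 0}

    def send() -> Optional[str]:
        if state["dropped"] < failures:
            state["dropped"] += 1
            return None  # no reply: the resolver waits out `timeout`
        return answer

    return send


def query_with_retry(send: Callable[[], Optional[str]], timeout: int,
                     retry: int) -> Tuple[Optional[str], int, int]:
    """Return (answer, attempts, seconds_waited) for one name.

    Model assumptions: `retry` counts re-sends after the first attempt, each
    unanswered attempt costs the full `timeout`, and the round trip of an
    answered attempt is ignored."""
    timeout, retry = validate_dns_settings(timeout, retry)
    attempts, waited = 0, 0
    while True:
        attempts += 1
        answer = send()
        if answer is not None:
            return answer, attempts, waited
        waited += timeout
        if attempts > retry:
            return None, attempts, waited


def worst_case_wait(timeout: int = DEFAULT_TIMEOUT, retry: int = DEFAULT_RETRY,
                    domains: int = MAX_DOMAINS) -> int:
    """Seconds an unresolvable short name can stall a caller: every domain in
    the list is tried in turn, and each costs (1 + retry) unanswered timeouts."""
    timeout, retry = validate_dns_settings(timeout, retry)
    return domains * timeout * (1 + retry)


if __name__ == "__main__":
    print(query_with_retry(make_flaky_server(1, "1.1.1.1"), 5, 2))
    print("worst case, defaults, eight domains:", worst_case_wait(), "s")
```

With the defaults and a full eight-entry list the model gives 120 seconds per unresolvable short name, which is the figure to keep in mind when a long domain list is combined with services or log-enrichment jobs that resolve names synchronously; lowering the timeout or the list length bounds that stall, at the price of more false failures on a slow DNS server.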