
CLI Reference

config system vdom-dns


Configure DNS servers for a non-management VDOM.

config system vdom-dns
    Description: Configure DNS servers for a non-management VDOM.
    set vdom-dns [enable|disable]
    set primary {ipv4-address}
    set secondary {ipv4-address}
    set protocol {option1}, {option2}, ...
    set ssl-certificate {string}
    set server-hostname <hostname1>, <hostname2>, ...
    set ip6-primary {ipv6-address}
    set ip6-secondary {ipv6-address}
    set source-ip {ipv4-address}
    set interface-select-method [auto|sdwan|...]
    set interface {string}
    set server-select-method [least-rtt|failover]
    set alt-primary {ipv4-address}
    set alt-secondary {ipv4-address}
end

config system vdom-dns

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| vdom-dns | Enable/disable configuring DNS servers for the current VDOM. | option | - | disable |
| primary | Primary DNS server IP address for the VDOM. | ipv4-address | Not Specified | 0.0.0.0 |
| secondary | Secondary DNS server IP address for the VDOM. | ipv4-address | Not Specified | 0.0.0.0 |
| protocol | DNS transport protocols. | option | - | cleartext |
| ssl-certificate | Name of local certificate for SSL connections. | string | Maximum length: 35 | Fortinet_Factory |
| server-hostname <hostname> | DNS server host name list. DNS server host name list separated by space (maximum 4 domains). | string | Maximum length: 127 | |
| ip6-primary | Primary IPv6 DNS server IP address for the VDOM. | ipv6-address | Not Specified | :: |
| ip6-secondary | Secondary IPv6 DNS server IP address for the VDOM. | ipv6-address | Not Specified | :: |
| source-ip | Source IP for communications with the DNS server. | ipv4-address | Not Specified | 0.0.0.0 |
| interface-select-method | Specify how to select outgoing interface to reach server. | option | - | auto |
| interface | Specify outgoing interface to reach server. | string | Maximum length: 15 | |
| server-select-method | Specify how configured servers are prioritized. | option | - | least-rtt |
| alt-primary | Alternate primary DNS server. This is not used as a failover DNS server. | ipv4-address | Not Specified | 0.0.0.0 |
| alt-secondary | Alternate secondary DNS server. This is not used as a failover DNS server. | ipv4-address | Not Specified | 0.0.0.0 |

vdom-dns options:

| Option | Description |
|---|---|
| enable | Enable configuring DNS servers for the current VDOM. |
| disable | Disable configuring DNS servers for the current VDOM. |

protocol options:

| Option | Description |
|---|---|
| cleartext | DNS over UDP/53, DNS over TCP/53. |
| dot | DNS over TLS/853. |
| doh | DNS over HTTPS/443. |

interface-select-method options:

| Option | Description |
|---|---|
| auto | Set outgoing interface automatically. |
| sdwan | Set outgoing interface by SD-WAN or policy routing rules. |
| specify | Set outgoing interface manually. |

server-select-method options:

| Option | Description |
|---|---|
| least-rtt | Select servers based on least round trip time. |
| failover | Select servers based on the order they are configured. |
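Because `protocol` defaults to `cleartext`, a block that never sets it still resolves over UDP/53 and TCP/53. The following added example (not Fortinet code) audits `config system vdom-dns` blocks in a saved configuration using the defaults from the parameter table above; the function names, the sample configuration and the assumption that multi-value options are stored space- or comma-separated are this example's own.

```python
# Defaults copied from the parameter table on this page.
DEFAULTS = {"vdom-dns": ["disable"], "protocol": ["cleartext"],
            "primary": ["0.0.0.0"], "ip6-primary": ["::"]}

# Constructed sample: two VDOMs' blocks, addresses from documentation ranges.
SAMPLE = """\
config system vdom-dns
    set vdom-dns enable
    set primary 192.0.2.53
    set secondary 192.0.2.54
end
config system vdom-dns
    set vdom-dns enable
    set primary 192.0.2.53
    set protocol dot
    set server-hostname "dns.example.net"
end
"""

def parse_vdom_dns(config_text):
    """Return one {option: [values]} dict per 'config system vdom-dns' block."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        # Assumption: values are separated by spaces and/or commas, optionally quoted.
        tokens = [t.strip('",') for t in raw.split()]
        tokens = [t for t in tokens if t]
        if tokens[:3] == ["config", "system", "vdom-dns"]:
            current = {}
        elif current is not None and tokens == ["end"]:
            blocks.append(current)
            current = None
        elif current is not None and len(tokens) >= 3 and tokens[0] == "set":
            current[tokens[1]] = tokens[2:]
    return blocks

def audit(settings):
    """Return findings for one block; unset options fall back to DEFAULTS."""
    eff = lambda key: settings.get(key, DEFAULTS.get(key, []))
    if eff("vdom-dns") != ["enable"]:
        return ["vdom-dns is not enabled"]
    findings = []
    if "cleartext" in eff("protocol"):
        findings.append("cleartext transport allowed (DNS over UDP/53, TCP/53)")
    if eff("primary") == ["0.0.0.0"] and eff("ip6-primary") == ["::"]:
        findings.append("no primary or ip6-primary server set")
    if len(eff("server-hostname")) > 4:
        findings.append("server-hostname lists more than 4 names")
    return findings

if __name__ == "__main__":
    for number, block in enumerate(parse_vdom_dns(SAMPLE), 1):
        print(number, audit(block) or "no findings")
```

The first sample block is flagged only because `protocol` is unset and the default applies; the second, which sets `dot`, produces no findings.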
