DNS Settings
Several FortiProxy functions use DNS, including alert email. You can specify the IP addresses of the DNS servers that your unit connects to. DNS server IP addresses are usually supplied by your ISP. To configure DNS settings, go to Network > DNS Settings.
Configure the following settings and select Apply:
DNS Servers |
Select Use FortiGuard Severs or Specify. If you select Specify, enter the IP addresses for the primary and secondary DNS servers. See also Use DNS over TLS for default FortiGuard DNS servers. |
Primary DNS Server |
Enter the IPv4 or IPv6 address for the primary DNS server. |
Secondary DNS Server |
Enter the IPv4 or IPv6 address for the secondary DNS server. |
Local Domain Name |
Enter the domain name to append to addresses with no domain portion when performing DNS lookups. |
DNS (UDP/53) |
Enable or disable the use of clear-text DNS over port 53. |
TLS (TCP/853) |
Enable or disable the use of DNS over TLS (DoT). |
HTTPS (TCP/443) |
Enable or disable the use of DNS over HTTPS (DoH). |
SSL certificate |
Select which SSL certificate or click Create to import a certificate. |
Server hostname |
Enter the host name of the DNS server. |
To enable DoT and DoH DNS in the CLI:
config system dns
set primary <IP_address>
set secondary <IP_address>
set protocol {cleartext | dot | doh}
end