Interfaces in non-management VDOMs as the source IP address of the DNS conditional forwarding server
This information is also available in the FortiProxy 7.6 Administration Guide.
Interfaces that are in non-management VDOMs can be the source IP address of the DNS conditional forwarding server.
- When vdom-dns is enabled in a VDOM, only the IP addresses of interfaces in that VDOM can be configured as the source-ip.
- When vdom-dns is disabled (default), only the IP addresses of interfaces in the management VDOM can be configured as the source-ip.
In this example:
- vdom1 is a non-management VDOM
- port8 is assigned to vdom1 and has IP address 13.13.13.13
- port1 is assigned to the management VDOM (root) and has IP address 172.16.200.1
To configure the interfaces:
    config global
        config system interface
            edit "port8"
                set vdom "vdom1"
                set ip 13.13.13.13 255.255.255.0
            next
            edit "port1"
                set vdom "root"
                set ip 172.16.200.1 255.255.255.0
            next
        end
    end
To test configuring a source IP address when vdom-dns is disabled:

    config vdom
        edit vdom1
            config system vdom-dns
                set vdom-dns disable
            end
        next
    end

- port8 cannot be used as the source IP address in a DNS database because it is assigned to vdom1, and not to the management VDOM:

    config vdom
        edit vdom1
            config system dns-database
                edit "1"
                    set source-ip 13.13.13.13
    13.13.13.13 does not match any interface ip in vdom root.
    node_check_object fail! for source-ip 13.13.13.13

- port1 can be used as the source IP address in a DNS database because it is assigned to the management VDOM:

    config vdom
        edit vdom1
            config system dns-database
                edit "1"
                    set source-ip 172.16.200.1
                next
            end
        next
    end

To test configuring a source IP address when vdom-dns is enabled:

    config vdom
        edit vdom1
            config system vdom-dns
                set vdom-dns enable
            end
        next
    end

- port8 can be used as the source IP address in a DNS database because it is assigned to vdom1:

    config vdom
        edit vdom1
            config system dns-database
                edit "1"
                    set source-ip 13.13.13.13
                next
            end
        next
    end

- port1 cannot be used as the source IP address in a DNS database because it is assigned to the management VDOM, and not to vdom1:

    config vdom
        edit vdom1
            config system dns-database
                edit "1"
                    set source-ip 172.16.200.1
    172.16.200.1 does not match any interface ip in vdom vdom1.
    node_check_object fail! for source-ip 172.16.200.1
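
The acceptance rule described above, modeled as an added Python example (not Fortinet code and not part of the guide): it predicts whether a planned source-ip would be accepted in a VDOM, so a change set can be checked before it is pushed. The interface inventory is constructed from this page's example, root is assumed to be the management VDOM, and the function names are hypothetical.

```python
import ipaddress

MGMT_VDOM = "root"  # assumption: management VDOM, as in the page's example

# Constructed inventory mirroring the page's example interfaces.
INTERFACES = {
    "port8": {"vdom": "vdom1", "ip": "13.13.13.13"},
    "port1": {"vdom": "root", "ip": "172.16.200.1"},
}


def allowed_scope(vdom, vdom_dns_enabled):
    """VDOM whose interface IPs may be used as source-ip for this VDOM.

    vdom-dns enabled  -> the VDOM itself
    vdom-dns disabled -> the management VDOM (the default behaviour)
    """
    return vdom if vdom_dns_enabled.get(vdom, False) else MGMT_VDOM


def check_source_ip(vdom, source_ip, vdom_dns_enabled, interfaces=INTERFACES):
    """Return (accepted, message) for 'set source-ip <ip>' inside `vdom`."""
    ip = ipaddress.ip_address(source_ip)  # ValueError on malformed input
    scope = allowed_scope(vdom, vdom_dns_enabled)
    for name, intf in interfaces.items():
        if intf["vdom"] == scope and ipaddress.ip_address(intf["ip"]) == ip:
            return True, f"{source_ip} matches {name} in vdom {scope}"
    # Message text follows the CLI error shown on this page.
    return False, f"{source_ip} does not match any interface ip in vdom {scope}."


def audit(planned, vdom_dns_enabled):
    """Return the planned (vdom, source_ip) pairs that would be rejected."""
    return [(vdom, ip) for vdom, ip in planned
            if not check_source_ip(vdom, ip, vdom_dns_enabled)[0]]


if __name__ == "__main__":
    planned = [("vdom1", "13.13.13.13"), ("vdom1", "172.16.200.1")]
    for state in (False, True):
        print("vdom-dns", "enable" if state else "disable")
        for vdom, ip in planned:
            print("   ", check_source_ip(vdom, ip, {"vdom1": state})[1])
```
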