Fortinet Document Library

CLI Reference

config global-dns-server general

Use this command to configure basic behavior for the DNS server.

The general settings configuration specifies the interfaces that listen for DNS requests. By default, the system listens on the IPv4 and IPv6 addresses of all configured interfaces for DNS requests.

The other settings in the general settings configuration are applied when traffic does not match a Global DNS policy.

Before you begin:

  • You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
  • You must have read-write permission for global load balancing settings.

Syntax

config global-dns-server general
  set dnssec-status {enable|disable}
  set dnssec-validate-status {enable|disable}
  set forward {first|only}
  set forwarders <datasource>
  set gds-status {enable|disable}
  set ipv4-accessed-status {enable|disable}
  set ipv6-accessed-status {enable|disable}
  set listen-on-all-interface {enable|disable}
  set listen-on-interface <datasource>
  set recursion-status {enable|disable}
  set response-rate-limit <datasource>
  set traffic-log {enable|disable}
  set use-system-dns-server {enable|disable}
end

dnssec-status

Enable/disable DNSSEC.

dnssec-validate-status

Enable/disable DNSSEC validation.

forward

  • first—The DNS server queries the forwarder before doing its own DNS lookup.
  • only—Only queries the forwarder. Does not perform its own DNS lookups.

forwarders

If the DNS server zone has been configured as a forwarder, specify the remote DNS server to which it forwards requests.

gds-status

Enable/disable the DNS server configuration.

ipv4-accessed-status

Enable/disable listening for DNS requests on the interface IPv4 address.

ipv6-accessed-status

Enable/disable listening for DNS requests on the interface IPv6 address.

listen-on-all-interface

Enable/disable listening on all interfaces.

listen-on-interface

If you do not listen on all interfaces, select one or more ports to listen on.

recursion-status

Enable/disable recursion. If enabled, the DNS server attempts to do all the work required to answer the query. If not enabled, the server returns a referral response when it does not already know the answer.

response-rate-limit

Specify a rate limit configuration object.

traffic-log

Enable/disable logging.

use-system-dns-server

Forward DNS requests to the system DNS server instead of the forwarder.

Example

FortiADC-VM # config global-dns-server general

FortiADC-VM (general) # get
gds-status : disable
recursion-status : enable
dnssec-status : disable
dnssec-validate-status : disable
ipv6-accessed-status : enable
ipv4-accessed-status : enable
traffic-log : disable
listen-on-all-interface : enable
forward : first
use-system-dns-server : enable
response-rate-limit :

FortiADC-VM (general) # set gds-status enable
FortiADC-VM (general) # end
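
An added example (not part of the Fortinet documentation): a Python check that parses the `get` output shown above and flags settings worth reviewing before `gds-status` is enabled. The review rules and the names `parse_get` and `audit` are assumptions of this example, not Fortinet guidance; the sample input is the output from the example above.

```python
import re

# Sample input: the `get` output from the example above (the values shown there).
SAMPLE_GET = """\
gds-status : disable
recursion-status : enable
dnssec-status : disable
dnssec-validate-status : disable
ipv6-accessed-status : enable
ipv4-accessed-status : enable
traffic-log : disable
listen-on-all-interface : enable
forward : first
use-system-dns-server : enable
response-rate-limit :
"""

def parse_get(text):
    """Parse 'key : value' lines; an unset value (e.g. no datasource) becomes ''."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([a-z0-9-]+)\s*:\s*(.*?)\s*$", line)
        if m:  # CLI prompt lines and blank lines do not match and are skipped
            settings[m.group(1)] = m.group(2)
    return settings

def audit(settings):
    """Return review findings. The rules are this example's own policy."""
    def on(key):
        return settings.get(key) == "enable"

    findings = []
    # A recursive server reachable on every interface answers any client.
    if on("recursion-status") and on("listen-on-all-interface"):
        findings.append("recursion enabled while listening on all interfaces")
    if not settings.get("response-rate-limit"):
        findings.append("no response-rate-limit object assigned")
    if not on("traffic-log"):
        findings.append("traffic-log disabled")
    if on("recursion-status") and not on("dnssec-validate-status"):
        findings.append("recursion enabled without DNSSEC validation")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_get(SAMPLE_GET)):
        print("REVIEW:", finding)
```

The general settings apply only to traffic that does not match a Global DNS policy, so a clean result here says nothing about per-policy settings.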
