CLI Reference

config global-dns-server remote-dns-server

Use this command to create a list of DNS forwarders.

DNS forwarders are commonly used when you do not want the local DNS server to connect to Internet DNS servers. For example, if the local DNS server is behind a firewall and you do not want to allow DNS through that firewall, you implement DNS forwarding to a remote server that is deployed in a DMZ or similar network region that can contact Internet DNS servers.

Before you begin:

  • You must have a good understanding of DNS and knowledge of the remote DNS servers that can be used to communicate with Internet domain servers.
  • You must have read-write permission for global load balancing settings.

After you have configured a remote DNS server, you can select it in the DNS zone and DNS policy configurations.

Syntax

config global-dns-server remote-dns-server
  edit <name>
    config member
      edit <No.>
        set addr-type {ipv4|ipv6}
        set ip <class_ip>
        set ip6 <class_ip>
        set port <integer>
      next
    end
  next
end

addr-type    IPv4 or IPv6
ip           IP address of the remote DNS server.
ip6          IP address of the remote DNS server.
port         Port number the remote server uses for DNS. The default is 53.

Example

FortiADC-VM # config global-dns-server remote-dns-server
FortiADC-VM (remote-dns-ser~e) # edit google.com
Add new entry 'google.com' for node 2329
FortiADC-VM (google.com) # config member
FortiADC-VM (member) # edit 1
Add new entry '1' for node 2331
FortiADC-VM (1) # get
addr-type : ipv4
ip : 0.0.0.0
port : 53
FortiADC-VM (1) # set ip 8.8.8.8
FortiADC-VM (1) # get
addr-type : ipv4
ip : 8.8.8.8
port : 53
FortiADC-VM (1) # end
FortiADC-VM (google.com) # end
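
The following Python script is an added example, not part of the Fortinet documentation. It parses a configuration written in the syntax above and lists forwarder members whose address is still unset, whose address is public rather than a DMZ forwarder, or whose port is not 53. The sample configuration, the list name dmz-forwarders and the treatment of an unset ip6 as :: are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the page's syntax; list name and addresses are made up.
SAMPLE = """\
config global-dns-server remote-dns-server
  edit dmz-forwarders
    config member
      edit 1
        set ip 10.20.0.53
      next
      edit 2
        set ip 8.8.8.8
      next
      edit 3
        set addr-type ipv6
        set port 5353
      next
    end
  next
end
"""

def parse_members(text):
    """Return {(list, member_no): settings}; defaults are what `get` shows above."""
    members, name, member, in_members = {}, None, None, False
    for words in (line.split() for line in text.splitlines() if line.strip()):
        if words[:2] == ["config", "member"] or words[0] == "end":
            in_members = words[0] == "config"
        elif words[0] == "edit" and in_members:
            member = (name, words[1])
            members[member] = {"addr-type": "ipv4", "ip": "0.0.0.0", "port": "53"}
        elif words[0] == "edit":
            name = words[1]
        elif words[0] == "set" and in_members and member and len(words) >= 3:
            members[member][words[1]] = words[2]
    return members

def audit(members):
    """Return sorted (list, member, finding) tuples for a reviewer."""
    findings = []
    for (name, no), cfg in members.items():
        key = "ip6" if cfg["addr-type"] == "ipv6" else "ip"
        addr = ipaddress.ip_address(cfg.get(key, "::"))  # assumed: unset ip6 is "::"
        if addr.is_unspecified:
            findings.append((name, no, f"{key} not set"))
        elif addr.is_global:
            findings.append((name, no, f"public address {addr}"))
        if cfg["port"] != "53":
            findings.append((name, no, f"non-default port {cfg['port']}"))
    return sorted(findings)
```

A public address is reported for review only: it means the device itself sends queries to an Internet resolver, which is the path the DMZ forwarder design described above is meant to avoid.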
