
CLI Reference

system dns

Configure the DNS settings used to resolve domain names to IP addresses, so that devices connected to a FortiGate interface can use them.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.5.

Command          Description
config domain    Allows you to add multiple DNS domains.

config system dns
    set primary {ipv4 address}   Primary DNS server IP address.
    set secondary {ipv4 address}   Secondary DNS server IP address.
    config domain
        edit {domain}
        # Search suffix list for hostname lookup.
            set domain {string}   DNS search domain list separated by space (maximum 8 domains) size[127]
        next
    end
    set ip6-primary {ipv6 address}   Primary DNS server IPv6 address.
    set ip6-secondary {ipv6 address}   Secondary DNS server IPv6 address.
    set timeout {integer}   DNS query timeout interval in seconds (1 - 10). range[1-10]
    set retry {integer}   Number of times to retry (0 - 5). range[0-5]
    set dns-cache-limit {integer}   Maximum number of records in the DNS cache. range[0-4294967295]
    set dns-cache-ttl {integer}   Duration in seconds that the DNS cache retains information. range[60-86400]
    set cache-notfound-responses {disable | enable}   Enable/disable response from the DNS server when a record is not in cache.
    set source-ip {ipv4 address}   IP address used by the DNS server as its source IP.
end

primary <ip>

The primary DNS server IP address. The default is 208.91.112.53, a FortiGuard server.

secondary <ip>

The secondary DNS server IP address. The default is 208.91.112.52, a FortiGuard server.

config domain

Add one or more DNS domains.

domain <string>

The DNS search domain (suffix) list used for hostname lookup, separated by spaces (maximum 8 domains).

ip6-primary <ipv6>

The primary DNS server IPv6 address.

ip6-secondary <ipv6>

The secondary DNS server IPv6 address.

dns-cache-limit <integer>

The maximum number of records in the DNS cache. The value can be between 0 and 4294967295; the default is 5000.

dns-cache-ttl <integer>

The duration, in seconds, that the DNS cache retains information. The value can be between 60 and 86400; the default is 1800.

cache-notfound-responses {disable | enable}

Disable or enable response from the DNS server when a record is not in cache. The default is disable.

source-ip <ip>

The IP address used by the DNS server as the source IP.
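
The following is an added example, not Fortinet code: a small Python check that reads a `config system dns` block from a configuration backup and reports values outside the ranges documented above, more than 8 search domains, and resolvers still set to the FortiGuard defaults. The function names and the sample configuration are constructed for illustration.

```python
# Limits are the ones documented on this page for `config system dns`.
INT_RANGES = {"timeout": (1, 10), "retry": (0, 5),
              "dns-cache-limit": (0, 4294967295), "dns-cache-ttl": (60, 86400)}
FORTIGUARD_DEFAULTS = {"208.91.112.53", "208.91.112.52"}

def parse_system_dns(text):
    """Return (settings, search_domains) from the `config system dns` block."""
    settings, domains, depth = {}, [], 0
    for line in map(str.strip, text.splitlines()):
        words = line.split(None, 2)
        if depth == 0:                      # outside the block: wait for its header
            depth = int(line == "config system dns")
        elif line.startswith("config "):    # nested table such as `config domain`
            depth += 1
        elif line == "end":
            depth -= 1
        elif len(words) == 3 and words[0] == "set":
            if words[1] == "domain":
                domains += words[2].replace('"', "").split()
            elif depth == 1:
                settings[words[1]] = words[2].strip('"')
    return settings, domains

def audit(text):
    """List settings that break the documented limits or keep the default resolver."""
    settings, domains = parse_system_dns(text)
    findings = []
    for key, (lo, hi) in INT_RANGES.items():
        val = settings.get(key)
        if val is not None and not (val.isdigit() and lo <= int(val) <= hi):
            findings.append(f"{key}={val} outside documented range {lo}-{hi}")
    for key in ("primary", "secondary"):
        if settings.get(key) in FORTIGUARD_DEFAULTS:
            findings.append(f"{key}={settings[key]} is the FortiGuard default")
    if len(domains) > 8:
        findings.append(f"{len(domains)} search domains, documented maximum is 8")
    return findings

# Constructed sample for illustration, not taken from a real device.
SAMPLE = """config system dns
    set primary 208.91.112.53
    config domain
        edit "corp.example"
            set domain "corp.example" "lab.example"
        next
    end
    set timeout 15
    set dns-cache-ttl 30
end"""
print("\n".join(audit(SAMPLE)))
```

A setting that is absent from the block is not reported, so run the check against a full configuration export if default values should be reviewed too.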
