
Administration Guide

DNS domain list

You can configure up to eight domains in the DNS settings using the GUI or the CLI.

When a FortiGate needs to resolve a host name that is not fully qualified (for example, host1 rather than host1.sample.com), FortiOS walks the DNS domain list in order, appends each domain to the name and queries the resulting FQDN, stopping at the first domain that returns a match.

By default, FortiGates use FortiGuard's DNS servers:

  • Primary: 96.45.45.45

  • Secondary: 96.45.46.46

You can also customize the DNS query timeout and the number of retry attempts.

To configure a DNS domain list in the GUI:
  1. Go to Network > DNS.

  2. Set DNS Servers to Specify.

  3. Configure the primary and secondary DNS servers as needed.

  4. In the Local Domain Name field, enter the first domain (sample.com in this example).

  5. Click the + to add more domains (example.com and domainname.com in this example). You can enter up to eight domains.

  6. Configure additional DNS protocol and IPv6 settings as needed.

  7. Click Apply.

To configure a DNS domain list in the CLI:
config system dns
    set primary 96.45.45.45
    set secondary 96.45.46.46
    set domain "sample.com" "example.com" "domainname.com"
end

Verify the DNS configuration

In the following example, the local DNS server has a record for host1.sample.com and a record for host2.example.com. Neither short name exists under any other domain in the list.

To verify that the DNS domain list is configured:
  1. Open the FortiGate CLI.

  2. Enter execute ping host1.

    The system returns the following response:

    PING host1.sample.com (1.1.1.1): 56 data bytes

    Because the request does not include an FQDN, FortiOS appends the first entry in the domain list, sample.com, and queries host1.sample.com. The local DNS server has a record for that name, so the lookup succeeds on the first domain and no further entries are tried.

  3. Enter execute ping host2.

    The system returns the following response:

    PING host2.example.com (2.2.2.2): 56 data bytes

    FortiOS again walks the domain list. It first appends sample.com and queries host2.sample.com, which the local DNS server does not have. It then appends the second entry, example.com, and queries host2.example.com. That name has a record, so host2 resolves to 2.2.2.2 and the third entry, domainname.com, is never queried.

DNS timeout and retry settings

The DNS timeout and retry settings can be customized using the CLI.

config system dns
    set timeout <integer>
    set retry <integer>
end

timeout <integer>

The DNS query timeout interval, in seconds (1 - 10, default = 5).

retry <integer>

The number of times to retry the DNS query (0 - 5, default = 2).
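The walkthrough above and the timeout and retry settings describe the same procedure from two angles: FortiOS tries each domain in order and stops at the first answer, and each query can be retried after a timeout. The following Python simulation is an added example, not FortiOS code or part of this guide. It models that search-list walk with an in-memory zone constructed to mirror the verification example (host1.sample.com and host2.example.com), a retry counter and a timeout budget. The trailing-dot convention for a fully qualified name and the reading of retry as "extra attempts after the first" are assumptions of the example, not statements from the guide.

```python
# Added example: a small simulation of how a DNS search list (FortiOS's
# "DNS domain list") resolves unqualified host names, plus the retry and
# timeout budget. This is illustrative Python, not FortiOS code; the zone
# data below is constructed to mirror the guide's verification example.
from dataclasses import dataclass, field

MAX_DOMAINS = 8   # FortiOS allows up to eight domains in the list

# Constructed records of the "local DNS server" from the verification section.
LOCAL_DNS = {
    "host1.sample.com": "1.1.1.1",
    "host2.example.com": "2.2.2.2",
}
DOMAIN_LIST = ["sample.com", "example.com", "domainname.com"]


def candidates(name, domain_list):
    """FQDNs to query, in list order, for a given name.

    A name with a trailing dot is treated as already fully qualified and is
    queried as-is; this is the usual resolver convention and is an assumption
    here, not something the guide states for FortiOS.
    """
    if name.endswith("."):
        return [name[:-1]]
    return [f"{name}.{domain}" for domain in domain_list]


@dataclass
class SearchListResolver:
    zone: dict
    domain_list: list
    timeout: int = 5          # seconds per query attempt (1-10, default 5)
    retry: int = 2            # retries per query (0-5, default 2)
    unresponsive: set = field(default_factory=set)  # names the server never answers
    queries: list = field(default_factory=list)     # every query sent, in order
    waited: int = 0                                 # simulated seconds spent on timeouts

    def __post_init__(self):
        if len(self.domain_list) > MAX_DOMAINS:
            raise ValueError(f"at most {MAX_DOMAINS} domains allowed")
        if not 1 <= self.timeout <= 10:
            raise ValueError("timeout must be 1-10 seconds")
        if not 0 <= self.retry <= 5:
            raise ValueError("retry must be 0-5")

    def _query(self, fqdn):
        """One lookup: the first attempt plus up to `retry` retries.

        Modelling retry as "extra attempts after the first" is an assumption.
        Returns the address, or None for both NXDOMAIN and exhausted retries.
        """
        for _ in range(1 + self.retry):
            self.queries.append(fqdn)
            if fqdn in self.unresponsive:
                self.waited += self.timeout   # attempt times out, try again
                continue
            return self.zone.get(fqdn)        # None models an NXDOMAIN answer
        return None

    def resolve(self, name):
        """Walk the domain list and stop at the first domain that answers."""
        for fqdn in candidates(name, self.domain_list):
            address = self._query(fqdn)
            if address is not None:
                return fqdn, address
        return None


def worst_case_wait(domains, timeout, retry):
    """Upper bound on seconds spent resolving an unqualified name when no
    server answers: every candidate FQDN is attempted (1 + retry) times and
    each attempt waits the full timeout. Derived from the documented meaning
    of the two settings; whether FortiOS also repeats this against the
    secondary server is not stated in the guide and is not modelled."""
    return domains * (1 + retry) * timeout


if __name__ == "__main__":
    r = SearchListResolver(LOCAL_DNS, DOMAIN_LIST)
    print(r.resolve("host1"), r.queries)   # host1.sample.com after one query
    r = SearchListResolver(LOCAL_DNS, DOMAIN_LIST)
    print(r.resolve("host2"), r.queries)   # host2.example.com after two queries
    print(worst_case_wait(8, timeout=10, retry=5))
```

Two practical points fall out of the simulation. Because the first domain that answers wins, the order of the list matters: a record for a short name under an earlier domain shadows the same short name under a later one, so put the domain you want to win first. And a short name that exists under none of the domains costs a query to every entry, so a list of eight domains with retry 5 and timeout 10 can stall an unanswered lookup for up to 480 seconds by this bound, while the defaults (timeout 5, retry 2) with three domains bound it at 45 seconds; keep the list short and the domains you actually use at the front.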
