config system dns

Use this command to configure the IP addresses of the primary and secondary DNS servers that FortiAI queries to resolve domain names into IP addresses.

Syntax

config system dns
    set cache {enable | disable}
    set cache-min-ttl <time_in_sec>
    set primary <dns_ipv4>
    set private_ip_query {enable | disable}
    set protected-domain-dns-servers <class_ip>
    set protected-domain-dns-state {enable | disable}
    set secondary <dns_ipv4>
    set truncate-handling {disable | tcp-retry}
end

| Variable | Description | Default |
|---|---|---|
| cache {enable \| disable} | Enable to cache DNS query results to improve performance. If memory is low, disable to free up more memory. | enable |
| cache-min-ttl <time_in_sec> | Minimum TTL for cached DNS records, in seconds. | |
| primary <dns_ipv4> | IP address of the primary DNS server. | 0.0.0.0 |
| private_ip_query {enable \| disable} | Enable to perform reverse DNS lookups on private network IP addresses, as defined in RFC 1918. The DNS server must have PTR records for your private network’s IP addresses. Not having records for those IP addresses might increase DNS query time and cause query results to show "Host not found". | disable |
| protected-domain-dns-servers <class_ip> | IP addresses of DNS servers for protected domains. | |
| protected-domain-dns-state {enable \| disable} | Enable or disable using DNS servers for protected domains. | |
| secondary <dns_ipv4> | IP address of the secondary DNS server. | 0.0.0.0 |
| truncate-handling {disable \| tcp-retry} | Action to take when a UDP DNS response is truncated. | |
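
A check that follows from the syntax above, as an added example (not Fortinet code): a short Python linter that validates a saved config system dns block against the variables and values listed on this page. It flags a hyphenated private-ip-query, because this page spells that one variable with underscores, and a primary or secondary address left at the 0.0.0.0 default. The function name lint_dns_block and the sample block are constructed for illustration; the value of protected-domain-dns-servers is not validated.

```python
import ipaddress
import re

# Allowed values per variable, taken from the Syntax block on this page.
ENUMS = {
    "cache": {"enable", "disable"},
    "private_ip_query": {"enable", "disable"},
    "protected-domain-dns-state": {"enable", "disable"},
    "truncate-handling": {"disable", "tcp-retry"},
}
IPV4_VARS = {"primary", "secondary"}
FREE_VARS = {"cache-min-ttl", "protected-domain-dns-servers"}  # no enum check

def lint_dns_block(text):
    """Return (line_number, message) findings for a 'config system dns' block."""
    findings, in_block = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line in ("config system dns", "end"):
            in_block = line != "end"
        elif in_block and line:
            m = re.fullmatch(r"set\s+(\S+)\s+(\S.*)", line)
            if not m:
                findings.append((n, "not a 'set <variable> <value>' line"))
                continue
            var, val = m.groups()
            if var in ENUMS:
                if val not in ENUMS[var]:
                    findings.append((n, f"{var}: invalid value {val!r}"))
            elif var in IPV4_VARS:
                try:
                    if ipaddress.IPv4Address(val).is_unspecified:
                        findings.append((n, f"{var}: still at default 0.0.0.0"))
                except ValueError:
                    findings.append((n, f"{var}: {val!r} is not an IPv4 address"))
            elif var == "cache-min-ttl" and not val.isdigit():
                findings.append((n, f"{var}: {val!r} is not a number of seconds"))
            elif var not in FREE_VARS:
                findings.append((n, f"unknown variable {var!r}"))
    return findings

# Constructed sample; 192.0.2.0/24 is a documentation range, not a real server.
SAMPLE = """config system dns
    set primary 192.0.2.53
    set secondary 0.0.0.0
    set private-ip-query enable
    set truncate-handling retry
end"""
```

Running lint_dns_block(SAMPLE) reports the unset secondary server on line 3, the misspelled variable on line 4, and the invalid truncate-handling value on line 5.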
