Configuring DNS settings
Like many other types of network devices, FortiADC appliances require connectivity to DNS servers for DNS lookups.
Your Internet service provider (ISP) may supply IP addresses of DNS servers, or you may want to use the IP addresses of your own DNS servers. You must provide unicast, non-local addresses for your DNS servers. Local host and broadcast addresses will not be accepted.
 
Incorrect DNS settings or unreliable DNS connectivity can cause issues with other features, including FortiGuard services and NTP system time.
 
For improved performance, use DNS servers on your local network.
To configure DNS settings via the web UI
1. Go to System > Network > DNS.
To change settings in this part of the web UI, your administrator's account access profile must have Write permission to items in the System category. For details, see “Permissions”.
2. In Primary DNS Server, type the IP address of the primary DNS server.
3. In Secondary DNS Server, type the IP address of an alternative, secondary DNS server.
4. Click Save.
The appliance will query the DNS servers whenever it needs to resolve a domain name into an IP address, such as for NTP system time or FortiGuard services.
5. To verify your DNS settings, in the CLI, enter the following command:
execute traceroute <server_fqdn>
where <server_fqdn> is a domain name such as www.example.com.
 
DNS tests may not succeed until you have completed “Adding a gateway”.
If the DNS query for the domain name succeeds, you should see results that indicate that the host name resolved into an IP address, and the route from FortiADC to that IP address:
traceroute to www.example.com (192.0.43.10), 30 hops max, 46 byte packets
1 192.168.1.1 (192.168.1.1) 2.405 ms 0.629 ms 0.660 ms
2 10.124.146.1 (10.124.146.1) 7.509 ms 8.822 ms 7.857 ms
3 69.63.255.189 (69.63.255.189) 13.272 ms 18.270 ms 11.798 ms
4 fallowfield2.cable.teksavvy.com (69.196.175.186) 8.872 ms 10.024 ms 8.624 ms
5 fallowfield2.cable.teksavvy.com (69.196.175.185) 14.662 ms 13.030 ms 13.814 ms
...
11 43-10.any.icann.org (192.0.43.10) 32.059 ms 31.585 ms 32.127 ms
If the DNS query fails, you will see an error message such as:
traceroute: bad address 'www.example.com'
Verify the DNS server IP addresses and the routing to them, and confirm that your firewalls or routers do not block or proxy UDP port 53.
To configure DNS settings via the CLI
1. Enter the following commands:
config system dns
set primary <address_ipv4>
set secondary <address_ipv4>
end
where <address_ipv4> is the IP address of a DNS server.
The appliance will query the DNS servers whenever it needs to resolve a domain name into an IP address, such as for NTP.
2. To verify your DNS settings, in the CLI, enter the following command:
execute traceroute <server_fqdn>
where <server_fqdn> is a domain name such as www.example.com.
 
DNS tests may not succeed until you have completed “Adding a gateway”.
If the DNS query for the domain name succeeds, you should see results that indicate that the host name resolved into an IP address, and the route from FortiADC to that IP address:
traceroute to www.example.com (192.0.43.10), 30 hops max, 46 byte packets
1 192.168.1.1 (192.168.1.1) 2.405 ms 0.629 ms 0.660 ms
2 10.124.146.1 (10.124.146.1) 7.509 ms 8.822 ms 7.857 ms
3 69.63.255.189 (69.63.255.189) 13.272 ms 18.270 ms 11.798 ms
4 fallowfield2.cable.teksavvy.com (69.196.175.186) 8.872 ms 10.024 ms 8.624 ms
5 fallowfield2.cable.teksavvy.com (69.196.175.185) 14.662 ms 13.030 ms 13.814 ms
...
11 43-10.any.icann.org (192.0.43.10) 32.059 ms 31.585 ms 32.127 ms
If the DNS query fails, you will see an error message such as:
traceroute: bad address 'www.example.com'
Verify the DNS server IP addresses and the routing to them, and confirm that your firewalls or routers do not block or proxy UDP port 53.
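The following Python script is an added example, not part of the original FortiADC documentation or Fortinet code. It pre-checks candidate DNS server addresses against the rule stated above (unicast only, no local host or broadcast addresses) and then prints the config system dns block shown in the CLI procedure. The function names, the sample subnet and the exact set of rejected address classes are assumptions of this example; the appliance's own validation may differ.

```python
import ipaddress

# Constructed sample: subnets of the appliance's own interfaces (assumption).
SAMPLE_SUBNETS = ["192.168.1.0/24"]


def check_dns_server(addr, subnets=()):
    """Return None if addr is usable as a DNS server, else a reason string."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return "not a valid IPv4 address"
    if ip.is_loopback:
        return "local host (loopback) address"
    if ip.is_unspecified:
        return "unspecified address"
    if ip.is_multicast:
        return "multicast, not unicast"
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return "limited broadcast address"
    for net in map(ipaddress.IPv4Network, subnets):
        # /31 and /32 have no broadcast or network address to exclude.
        if net.prefixlen < 31 and ip in net:
            if ip == net.broadcast_address:
                return f"directed broadcast of {net}"
            if ip == net.network_address:
                return f"network address of {net}"
    return None


def render_dns_config(primary, secondary, subnets=()):
    """Validate both servers and return the CLI block from the page."""
    for label, addr in (("primary", primary), ("secondary", secondary)):
        reason = check_dns_server(addr, subnets)
        if reason:
            raise ValueError(f"{label} {addr}: {reason}")
    # Added check (not stated on the page): identical servers give no fallback.
    if ipaddress.IPv4Address(primary) == ipaddress.IPv4Address(secondary):
        raise ValueError("secondary duplicates primary; no redundancy")
    return "\n".join([
        "config system dns",
        f"set primary {primary}",
        f"set secondary {secondary}",
        "end",
    ])


if __name__ == "__main__":
    print(render_dns_config("192.168.1.53", "192.168.1.54", SAMPLE_SUBNETS))
```

Passing the subnets of the appliance's interfaces lets the check catch directed broadcast addresses such as 192.168.1.255, which a syntax check alone would accept.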
See also
Configuring the physical network interfaces
Adding a gateway