config global-dns-server general
Use this command to configure basic behavior for the DNS server.
The general settings configuration specifies the interfaces that listen for DNS requests. By default, the system listens on the IPv4 and IPv6 addresses of all configured interfaces for DNS requests.
The other settings in the general settings configuration are applied when traffic does not match a Global DNS policy.
Before you begin:
• You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
• You must have read-write permission for global load balancing settings.
Syntax
config global-dns-server general
set dnssec-status {enable|disable}
set dnssec-validate-status {enable|disable}
set forward {first | only}
set forwarders <datasource>
set gds-status {enable|disable}
set ipv4-accessed-status {enable|disable}
set ipv6-accessed-status {enable|disable}
set listen-on-all-interface {enable|disable}
set listen-on-interface <datasource>
set recursion-status {enable|disable}
set response-rate-limit <datasource>
set use-system-dns-server {enable|disable}
end
dnssec-status | Enable/disable DNSSEC. |
dnssec-validate-status | Enable/disable DNSSEC validation. |
forward | • first—The DNS server queries the forwarder before doing its own DNS lookup. • only—Only queries the forwarder. Does not perform its own DNS lookups. |
forwarders | If the DNS server zone has been configured as a forwarder, specify the remote DNS server to which it forwards requests. |
gds-status | Enable/disable the DNS server configuration. |
ipv4-accessed-status | Enable/disable listening for DNS requests on the interface IPv4 address. |
ipv6-accessed-status | Enable/disable listening for DNS requests on the interface IPv6 address. |
listen-on-all-interface | Enable listening on all interfaces. |
listen-on-interface | If you do not listen on all interfaces, select one or more ports to listen on. |
recursion-status | Enable/disable recursion. If enabled, the DNS server attempts to do all the work required to answer the query. If not enabled, the server returns a referral response when it does not already know the answer. |
response-rate-limit | Specify a rate limit configuration object. |
use-system-dns-server | Forward DNS requests to the system DNS server instead of the forwarder. |
Example
FortiADC-VM # config global-dns-server general
FortiADC-VM (general) # get
gds-status : enable
recursion-status : enable
dnssec-status : disable
dnssec-validate-status: disable
ipv6-accessed-status: enable
ipv4-accessed-status: enable
listen-on-all-interface: enable
forward : first
use-system-dns-server: enable
response-rate-limit :
FortiADC-VM (general) # set gds-status enable
FortiADC-VM (general) # end