system : dns-database
Use this command to configure the FortiGate DNS database so that DNS lookups from an internal network are resolved by the FortiGate itself. To configure the DNS database you add zones. Each zone has its own domain name.
You then add entries to each zone. An entry is a host name and the value it resolves to. You also specify the record type of each entry: an IPv4 address (A), an IPv6 address (AAAA), a name server (NS), a canonical name (CNAME), or a mail exchanger (MX).
config system dns-database
    edit <zone-string>
        set allow-transfer <ipv4_addr>
        set authoritative {enable | disable}
        set contact <email_string>
        set domain <domain>
        set forwarder <ipv4_addr>
        set ip-master <ipv4_addr>
        set primary-name <name_string>
        set source-ip <ipv4_addr>
        set status {enable | disable}
        set ttl <int>
        set type {master | slave}
        set view {public | shadow}
        config dns-entry
            edit <entry-id>
                set canonical-name <canonical_name_string>
                set hostname <hostname_string>
                set ip <ip_address>
                set ipv6 <ipv6_address>
                set preference <preference_value>
                set status {enable | disable}
                set ttl <entry_ttl_value>
                set type {A | AAAA | MX | NS | CNAME}
            next
        end
    next
end
edit <zone-string>
Enter a name for the DNS zone. This name only identifies the zone on the FortiGate unit itself; the domain name that queries are matched against is set with domain.
No default.
allow-transfer <ipv4_addr>
Enter the IP addresses of the servers (typically secondary DNS servers) that are permitted to request a zone transfer of this zone. A zone transfer returns every record in the zone, so list only the servers that need it.
No default.
authoritative {enable | disable}
Enable to declare this as an authoritative zone.
contact <email_string>
Enter the email address of the administrator for this zone. If the email address is in this zone, you can enter just the username portion of the email address.
domain <domain>
Enter the domain name of the zone. Incoming DNS queries are matched against this domain name to select the zone that answers them.
No default.
forwarder <ipv4_addr>
Enter the IP address of the DNS zone forwarder, the DNS server that queries for this zone are forwarded to.
No default.
ip-master <ipv4_addr>
Enter the IP address of the master DNS server from which this zone is imported. This is available only when type is slave.
No default.
primary-name <name_string>
Enter the domain name of the primary DNS server for this zone.
source-ip <ipv4_addr>
Enter the source IP address that the FortiGate uses when forwarding queries to the DNS server.
status {enable | disable}
Enable or disable this DNS zone.
ttl <int>
Set the default time-to-live (TTL), in seconds, for records in this zone; it is the DNS record TTL, not a packet TTL. Entries that set their own ttl override it. Range 0 to 2147483647.
type {master | slave}
Select the type of this zone.
master — manage entries directly.
slave — import entries from the master DNS server set in ip-master.
view {public | shadow}
Select the type of view for this zone:
public — to service public clients
shadow — to service internal clients
This value cannot be changed once set.
This setting works together with config system dns-server entries, where the mode of a DNS server entry (one per interface) can be set to recursive. In recursive mode, a DNS request sent to the FortiGate is first checked against the shadow DNS database; if no matching entry is found, the request is forwarded to the DNS servers in the system DNS setting.
config dns-entry variables
edit <entry-id>
canonical-name <canonical_name_string>
Enter the canonical name of the host. This is available if type is CNAME.
hostname <hostname_string>
Enter the name of the host.
ip <ip_address>
Enter the IP address (IPv4) of the host. This is available if type is A.
ipv6 <ipv6_address>
Enter the IP address (IPv6) of the host. This is available if type is AAAA.
preference <preference_value>
Enter the preference level. 0 is the highest preference. This is available if type is MX.
status {enable | disable}
Enable the DNS entry.
ttl <entry_ttl_value>
Optionally, override the zone time-to-live value for this entry. Range 0 to 2147483647 seconds. Set to 0 to use the zone ttl value.
type {A | AAAA | MX | NS | CNAME}
A — IPv4 host
AAAA — IPv6 host
CNAME — alias
MX — mail server
NS — name server
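A complete configuration, added here as an example that is not from the original reference: a master zone in shadow view for corp.example.com with one entry of each record type, a slave zone that imports its entries from an internal master, and a system dns-server entry that puts the internal-facing interface into recursive mode so the shadow database is consulted before a query is forwarded. The zone names, domain names, IP addresses and the interface name port2 are assumed values chosen for illustration.

```text
config system dns-database
    edit "corp-internal"
        set domain "corp.example.com"
        set type master
        set view shadow
        set authoritative enable
        set primary-name "ns1.corp.example.com"
        set contact "hostmaster"
        set ttl 3600
        set allow-transfer 10.0.0.53
        set status enable
        config dns-entry
            edit 1
                set type NS
                set hostname "ns1"
            next
            edit 2
                set type A
                set hostname "ns1"
                set ip 10.0.0.10
            next
            edit 3
                set type AAAA
                set hostname "ns1"
                set ipv6 2001:db8:10::10
            next
            edit 4
                set type MX
                set hostname "mx1"
                set preference 10
            next
            edit 5
                set type A
                set hostname "mx1"
                set ip 10.0.0.25
                set ttl 300
            next
            edit 6
                set type CNAME
                set hostname "mail"
                set canonical-name "mx1.corp.example.com"
            next
        end
    next
    edit "branch-secondary"
        set domain "branch.example.com"
        set type slave
        set view shadow
        set ip-master 10.0.0.53
        set status enable
    next
end
config system dns-server
    edit "port2"
        set mode recursive
    next
end
```

Because allow-transfer lists only 10.0.0.53, a host elsewhere on the network that requests a transfer of corp.example.com is refused, while an ordinary lookup of mail.corp.example.com from a client on port2 resolves through the CNAME to the A record for mx1. Entry 5 sets a ttl of 300 so the mail server address can be changed with little caching delay; the other entries inherit the zone ttl of 3600. With port2 in recursive mode, a name that falls outside both zones is forwarded to the system DNS servers as described under view.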