system : dns-database
 
dns-database
Use this command to configure the FortiGate DNS database so that DNS lookups from an internal network are answered by the FortiGate itself. To configure the DNS database you add zones; each zone has its own domain name. You then add entries to each zone. An entry is a host name and the record it resolves to. Each entry has a type: an IPv4 address (A), an IPv6 address (AAAA), a name server (NS), a canonical name or alias (CNAME), or a mail exchanger (MX).
Syntax
config system dns-database
    edit <zone-string>
        set allow-transfer <ipv4_addr>
        set authoritative {enable | disable}
        set contact <email_string>
        set domain <domain>
        set forwarder <ipv4_addr>
        set ip-master <ipv4_addr>
        set primary-name <name_string>
        set source-ip <ipv4_addr>
        set status {enable | disable}
        set ttl <int>
        set type {master | slave}
        set view {public | shadow}
        config dns-entry
            edit <entry-id>
                set canonical-name <canonical_name_string>
                set hostname <hostname_string>
                set ip <ip_address>
                set ipv6 <ipv6_address>
                set preference <preference_value>
                set status {enable | disable}
                set ttl <entry_ttl_value>
                set type {A | AAAA | MX | NS | CNAME}
            next
        end
    next
end
Zone variables (variable, description, default)

edit <zone-string>
    Enter the DNS zone name. This name is significant only on the FortiGate unit itself; queries are matched against the domain setting, not against this name.
    Default: no default.

allow-transfer <ipv4_addr>
    List of IP addresses that are permitted to request a zone transfer (AXFR) of this zone. Restrict this to the secondary servers that actually need the zone; a zone transfer hands out every entry in the zone to the requester.
    Default: no default.

authoritative {enable | disable}
    Enable to declare this as an authoritative zone.
    Default: enable

contact <email_string>
    Enter the email address of the administrator for this zone. If the email address is in this zone, you can enter just the username portion of the address.
    Default: hostmaster

domain <domain>
    Enter the domain name of the zone. Incoming DNS queries are matched against this domain name to select the zone.
    Default: no default.

forwarder <ipv4_addr>
    Enter the IP address of the DNS forwarder for this zone.
    Default: no default.

ip-master <ipv4_addr>
    Enter the IP address of the master DNS server from which the zone is transferred. Available only when type is slave.
    Default: no default.

primary-name <name_string>
    Enter the domain name of the primary DNS server for this zone.
    Default: dns

source-ip <ipv4_addr>
    Enter the source IP address to use when forwarding queries to the DNS server.
    Default: 0.0.0.0

status {enable | disable}
    Enable or disable this DNS zone.
    Default: enable

ttl <int>
    Set the default time-to-live of the records in this zone, in seconds. Range 0 to 2 147 483 647. Individual entries can override this value with their own ttl.
    Default: 86400

type {master | slave}
    Select the type of this zone:
    master — manage the entries directly on the FortiGate.
    slave — import the entries by zone transfer from the master server set in ip-master.
    Default: master

view {public | shadow}
    Select the view for this zone:
    public — to serve public clients.
    shadow — to serve internal clients only.
    This value cannot be changed once set.
    This setting works together with config system dns-server, where the DNS service on an interface can be set to recursive mode. In recursive mode, DNS requests sent to that FortiGate interface are first checked against the shadow DNS database; if no matching entry is found, the request is forwarded to the servers in the system DNS settings.
    Default: shadow
config dns-entry variables (variable, description, default)

edit <entry-id>
    Enter a unique integer ID for this entry.
    Default: no default.

canonical-name <canonical_name_string>
    Enter the canonical name that the host name is an alias for. Available only when type is CNAME.
    Default: null

hostname <hostname_string>
    Enter the name of the host.
    Default: null

ip <ip_address>
    Enter the IPv4 address of the host. Available only when type is A.
    Default: 0.0.0.0

ipv6 <ipv6_address>
    Enter the IPv6 address of the host. Available only when type is AAAA.
    Default: ::

preference <preference_value>
    Enter the MX preference. Lower values are preferred; 0 is the highest preference. Available only when type is MX.
    Default: 10

status {enable | disable}
    Enable or disable the DNS entry.
    Default: enable

ttl <entry_ttl_value>
    Optionally override the zone time-to-live value. Range 0 to 2 147 483 647 seconds. Set to 0 to use the zone ttl value.
    Default: 0

type {A | AAAA | MX | NS | CNAME}
    Select the record type of this entry:
    A — IPv4 host
    AAAA — IPv6 host
    CNAME — alias
    MX — mail server
    NS — name server
    Default: A
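The following is an added worked example, not configuration taken from the original page or shipped by Fortinet. It puts the zone settings, the dns-entry types and the view/recursive interaction described above into one configuration: a shadow master zone for internal clients with one entry of each type, a slave zone pulled from a master, and the config system dns-server entry that makes the shadow zone answer on an internal interface. The zone names, host names, interface name port2 and all addresses are constructed for illustration.

```fortios
# Added example (constructed names and addresses). Lines beginning with "#"
# are comments and are ignored by the FortiOS CLI.
config system dns-database
    # Shadow master zone: answered only to internal clients via a recursive
    # interface (see config system dns-server below).
    edit "corp-internal"
        set domain "corp.example.internal"
        set type master
        set view shadow
        set authoritative enable
        set primary-name "ns1.corp.example.internal"
        set contact "hostmaster"
        set ttl 3600
        # Only the secondary at 10.0.0.53 may pull the zone (AXFR).
        # Leaving this wide open hands the whole zone to any requester.
        set allow-transfer 10.0.0.53
        config dns-entry
            edit 1
                set type A
                set hostname "intranet"
                set ip 10.0.10.20
            next
            edit 2
                set type AAAA
                set hostname "intranet"
                set ipv6 fd00:10::20
            next
            edit 3
                # Alias: wiki.corp.example.internal -> intranet.corp.example.internal
                set type CNAME
                set hostname "wiki"
                set canonical-name "intranet.corp.example.internal"
            next
            edit 4
                # Mail exchanger; lower preference wins. The host itself
                # needs its own A record (entry 5).
                set type MX
                set hostname "mail"
                set preference 10
            next
            edit 5
                set type A
                set hostname "mail"
                set ip 10.0.10.25
            next
            edit 6
                # Name server for the zone; a one-day TTL overrides the zone ttl.
                set type NS
                set hostname "ns1"
                set ttl 86400
            next
            edit 7
                set type A
                set hostname "ns1"
                set ip 10.0.0.1
            next
        end
    next
    # Slave zone: entries are imported by zone transfer from ip-master,
    # so no dns-entry table is configured here.
    edit "branch-secondary"
        set domain "branch.example.internal"
        set type slave
        set view shadow
        set ip-master 10.0.0.53
    next
end

# Serve the shadow zones on the internal interface. Recursive mode checks the
# shadow DNS database first and forwards anything else to the system DNS.
config system dns-server
    edit "port2"
        set mode recursive
    next
end
```

After applying this, a client on port2 resolving intranet.corp.example.internal gets 10.0.10.20 from the FortiGate, wiki.corp.example.internal returns the CNAME to intranet, and a name outside both zones is forwarded to the system DNS servers. Two checks are worth running: confirm from a host that is not 10.0.0.53 that an AXFR request for corp.example.internal is refused, and confirm that no Internet-facing interface is listed with mode recursive in config system dns-server, since that would expose both the shadow zones and an open resolver to the outside.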