Using FortiGate as a DNS Server


How to use a FortiGate as a recursive DNS server

This tutorial describes how to create a non-authoritative primary DNS server on a FortiGate for the local network. The interface mode is recursive so that, if a request cannot be fulfilled from the local DNS database, the external DNS forwarders will be queried.

Note. FortiGate as a DNS server also supports TLS and HTTPS connections to a DNS client.

To enable DNS server options in the GUI

  • Go to System > Feature Visibility.
  • Enable DNS Database in the Additional Features section.
  • Click Apply.

To configure FortiGate as a primary DNS server

To configure FortiGate as a primary DNS server in the GUI
  • Go to Network > DNS Servers.
  • In the DNS Database table, click Create New.
  • Set Type to Primary.
  • Set View to Shadow.
    If Shadow is selected, only internal users can use it.
  • Enter a DNS Zone.
  • Enter the Domain Name of the zone.
  • Enter the Hostname of the DNS server.
  • Enter the Contact Email Address for the administrator.
  • Disable Authoritative.

Create new DNS entries

  • In the DNS Entries table, click Create New.
  • Choose Type Address (A).
  • Enter the Hostname.
  • Enter the IP Address.
  • Set TTL to Use Zone TTL.
  • Enable Status.
  • Click OK.

Enable DNS services on an interface

  • In the DNS Service on Interface table, click Create New.
  • Select the Interface for the DNS server, such as LAN.
  • Set the Mode to Recursive.
  • Click OK.
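
The same configuration expressed in the FortiOS CLI, as an added example that is not part of the original tutorial. The zone name, domain, hostnames, contact address, IP address, zone TTL and interface name are constructed placeholders; replace them with your own values.

```fortios
# Primary, non-authoritative zone visible only to internal users (shadow view)
config system dns-database
    edit "local-zone"
        # Constructed sample values: domain, primary-name, contact and ttl
        set domain "example.internal"
        set type primary
        set view shadow
        set ttl 86400
        set primary-name "dns"
        set contact "admin@example.internal"
        # Non-authoritative: names not found in this zone can still be
        # resolved through the forwarders when the interface is recursive
        set authoritative disable
        config dns-entry
            edit 1
                set type A
                # Constructed sample host record
                set hostname "fileserver"
                set ip 192.168.1.10
                # No per-entry TTL is set here (assumed default: zone TTL applies)
                set status enable
            next
        end
    next
end

# Bind the DNS service to the internal interface only. Recursive mode
# answers from the local database first, then queries the forwarders.
# Keep recursive mode off internet-facing interfaces so the FortiGate
# does not act as an open resolver.
config system dns-server
    edit "lan"
        set mode recursive
    next
end
```

After applying it, `show system dns-database` and `show system dns-server` display the resulting configuration for review.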
