How to use a FortiGate as a recursive DNS server
This tutorial describes how to create a non-authoritative primary recursive DNS server on a FortiGate for the local network. The interface mode is recursive so that, if a request cannot be fulfilled, the external DNS forwarders are queried.
Note: FortiGate as a DNS server also supports TLS and HTTPS connections to a DNS client.
To enable DNS server options in the GUI
- Go to System > Feature Visibility.
- Enable DNS Database in the Additional Features section.
- Click Apply.
To configure FortiGate as a primary DNS server
- Go to Network > DNS Servers.
- In the DNS Database table, click Create New.
- Set Type to Primary.
- Set View to Shadow.
  If Shadow is selected, only internal users can use the zone.
- Enter a DNS Zone.
- Enter the Domain Name of the zone.
- Enter the Hostname of the DNS server.
- Enter the Contact Email Address for the administrator.
- Disable Authoritative.
Create new DNS entries
- In the DNS Entries table, click Create New.
- Choose Type Address (A).
- Enter the Hostname.
- Enter the IP Address.
- Set TTL to Use Zone TTL.
- Enable Status.
- Click OK.
Enable DNS services on an interface
- In the DNS Service on Interface table, click Create New.
- Select the Interface for the DNS server, such as LAN.
- Set the Mode to Recursive.
- Click OK.
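To confirm the result from a LAN client, the following added example (not part of the original tutorial or of Fortinet's documentation) sends one A query to the FortiGate interface address and checks that the reply matches the query, offers recursion, and returns the address entered in the DNS entry. It assumes the FortiGate sets the RA header bit as RFC 1035 describes when the interface is in Recursive mode; the function names are hypothetical.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)

def skip_name(msg, pos):
    """Return the offset just past an encoded name; a compression pointer ends it."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += msg[pos] + 1
    return pos + (2 if msg[pos] else 1)

def parse_response(msg):
    """Return (header info, A-record addresses) from a DNS reply."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    ips, pos = [], 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4              # skip QTYPE + QCLASS
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:              # A record, IPv4 address
            ips.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return {"id": qid, "qr": bool(flags & 0x8000), "ra": bool(flags & 0x0080), "rcode": flags & 0xF}, ips

def check(query, reply, expected_ip=None):
    """List deviations from the setup in this tutorial; an empty list means OK."""
    info, ips = parse_response(reply)
    problems = []
    if not info["qr"] or info["id"] != struct.unpack("!H", query[:2])[0]:
        problems.append("reply does not match the query")
    if not info["ra"]:
        problems.append("RA bit clear: recursion not offered on this interface")
    if info["rcode"]:
        problems.append("rcode %d" % info["rcode"])
    elif expected_ip and expected_ip not in ips:
        problems.append("expected %s, got %s" % (expected_ip, ips))
    return problems

def ask(server, name, expected_ip=None, timeout=3.0):
    """Query the FortiGate interface address over UDP port 53 and check the reply."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        return check(q, s.recvfrom(4096)[0], expected_ip)
```

Call `ask()` once with a hostname from the new zone and the IP address entered for it, then once with a name outside the zone to confirm that the external forwarders are reached.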
A few words about Fortinet FortiGate
Fortinet FortiGate offers next-generation firewall solutions that provide proven protection with unmatched performance across the network, from internal segments to data centers to cloud environments. You can protect every part of your network without exception.
FortiGate is an innovative line of firewalls that aim to protect organizations from all types of web-based network threats. They come in a wide variety of product types. FortiGate’s solutions are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.