How to use a FortiGate as a recursive DNS server
This tutorial describes how to create an unauthoritative primary DNS server using for the local network. The interface mode is recursive so that, if the request cannot be fulfilled, the external DNS forwarders will be queried.
Note. FortiGate as a DNS server also supports TLS and HTTPS connections to a DNS client.
To enable DNS server options in the GUI
- Go to System > Feature Visibility.
- Enable DNS Database in the Additional Features section.
- Click Apply.

To configure FortiGate as a primary DNS server

- Go to Network > DNS Servers.
- In the DNS Database table, click Create New.
- Set Type to Primary.
- Set View to Shadow.
If Shadow is selected, only internal users can use it. - Enter a DNS Zone.
- Enter the Domain Name of the zone.
- Enter the Hostname of the DNS server.
- Enter the Contact Email Address for the administrator.
- Disable Authoritative.
Create new DNS entries

- In the DNS Entries table, click Create New.
- Choose Type Address (A).
- Enter the Hostname.
- Enter the IP Address.
- Set TTL to Use Zone TTL
- Enable Status
- Click OK.
Enable DNS services on an interface

- In the DNS Service on Interface table, click Create New.
- Select the Interface for the DNS server, such as LAN.
- Set the Mode to Recursive.
- Click OK.