Dns Servers; Configuring Fortigate Dns Services - Fortinet FortiGate Series Administration Manual

System Network

DNS Servers

Configuring FortiGate DNS services

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
IPv6 DNS Settings
Primary DNS Server
Secondary DNS Server Enter the secondary IPv6 DNS server IP address.
Dead Gateway Detection
Detection Interval
Fail-over Detection
Several FortiGate functions use DNS, including alert email and URL blocking. You can
specify the IP addresses of the DNS servers to which your FortiGate unit connects. DNS
server IP addresses are usually supplied by your ISP.
You can configure FortiGate models numbered 100 and lower to obtain DNS server
addresses automatically. To obtain these addresses automatically, at least one FortiGate
unit interface must use the DHCP or PPPoE addressing mode. See
on an interface" on page 188
FortiGate models 100 and lower can provide DNS Forwarding on their interfaces. Hosts
on the attached network use the interface IP address as their DNS server. DNS requests
sent to the interface are forwarded to the DNS server addresses that you configured or
that the FortiGate unit obtained automatically.
You can configure a FortiGate unit to be the DNS server for any networks that can
communicate with a FortiGate interface. You set up the DNS configuration for each
interface in one of the following ways:
• The interface relays DNS requests to the DNS servers configured for the FortiGate unit
under System > Network > Options. See
DNS requests to external DNS servers" on page
• The interface resolves DNS requests using a FortiGate DNS database. DNS requests
for host names not in the FortiGate DNS database are dropped. See
FortiGate interface to resolve DNS requests using only the FortiGate DNS database"
on page 207.
• The interface resolves DNS requests using the FortiGate DNS database and relays
DNS requests for host names not in the FortiGate DNS database to the DNS servers
configured for the FortiGate unit under System > Network > Options. This is called a
split DNS configuration.See
If virtual domains are not enabled you can create one DNS databases that can be shared
by all the FortiGate interfaces.
If virtual domains are enabled, you create a DNS database in each VDOM. All of the
interfaces in a VDOM share the DNS database in that VDOM.
This section describes:
• About split DNS
• Configuring FortiGate DNS services
Enter the primary IPv6 DNS server IP address.
Configure Detect Interface Status for Gateway Load Balancing for
one or more FortiGate interfaces and use the dead gateway
detection settings to configure how interface status detection
functions. For information, see
gateway load balancing" on page
Enter a number in seconds to specify how often the FortiGate unit
detects interface status.
Enter the number of times that interface status tests fail before the
FortiGate unit assumes that the interface is no longer functioning.
or "Configuring an interface for PPPoE" on page
"To configure a FortiGate interface to relay
"To configure a split DNS configuration" on page 208
Configuring FortiGate DNS services
"Interface status detection for
193.
"Configuring DHCP
207.
"To configure a
190.
205