Technical Tip: How to Verify DNS Root Server and Authoritative Name Server IP Information in a FortiGate

To get the details of the root name servers that your FortiGate is aware of, execute the following command in the FortiGate CLI:

diagnose test application dnsproxy 19

diagnose test application dnsproxy
worker idx: 0
19. Show nameserver cache <-----

Example output:

The command will display a list of the 13 root name servers' cache, their IP addresses, and authoritative name servers learned while performing the recursive DNS lookup for the client. The output will look similar to this:

diagnose test application dnsproxy 19

worker idx: 0
name=windows.com label_count=2 ns_count=4
name=geo.fortinet.net label_count=3 ns_count=3
name=fortinet.net label_count=2 ns_count=3
.
.
.

name=. label_count=0 ns_count=13
ns=c.root-servers.net A=192.33.4.12 use=1
ns=d.root-servers.net A=199.7.91.13 use=1
ns=e.root-servers.net A=192.203.230.10 use=1
ns=f.root-servers.net A=192.5.5.241 use=1
ns=g.root-servers.net A=192.112.36.4 use=1
ns=h.root-servers.net A=198.97.190.53 use=1
ns=i.root-servers.net A=192.36.148.17 use=1
ns=j.root-servers.net A=192.58.128.30 use=1
ns=k.root-servers.net A=193.0.14.129 use=1
ns=l.root-servers.net A=199.7.83.42 use=1
ns=m.root-servers.net A=202.12.27.33 use=1
ns=a.root-servers.net A=198.41.0.4 use=1
ns=b.root-servers.net A=199.9.14.201 use=1