Technical Tip: How to disable DNS queries for private IP addresses for FortiMail
Description
This article describes how to disable DNS queries for private IP addresses for FortiMail.
FortiMail provides an option to turn on and off locally generated DNS queries for private IP addresses.
Scope
FortiMail v4.0 and above.
Solution
Private IP addresses are defined by RFC 1918 and include the following ranges:
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
These queries are configured with the following CLI command:
config sys dns
set private-ip-query disable
end
If a FortiMail unit is configured to point to a public DNS server, it is recommended to disable private-ip-query to limit the amount of traffic that can potentially hit DNS root name servers.
Any address that does not fall into the IP ranges defined by RFC 1918 will be subject to a DNS lookup by the FortiMail.
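One way to check that the setting took effect is to scan the upstream resolver's query log for reverse (PTR) lookups of RFC 1918 addresses coming from the FortiMail unit; with private-ip-query disabled the result should be empty. This is an added example, not Fortinet code: the log layout, the sample lines and the source address 203.0.113.25 are constructed assumptions.

```python
import ipaddress
import re

# The three RFC 1918 ranges listed in the article.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in a simplified layout; adapt LINE_RE to the real log.
SAMPLE_LOG = """\
10:00:01 client=203.0.113.25 qname=7.1.168.192.in-addr.arpa. qtype=PTR
10:00:02 client=203.0.113.25 qname=34.216.184.93.in-addr.arpa. qtype=PTR
10:00:03 client=203.0.113.25 qname=mail.example.com. qtype=MX
10:00:04 client=203.0.113.25 qname=9.0.31.172.in-addr.arpa. qtype=PTR
10:00:05 client=203.0.113.25 qname=1.0.32.172.in-addr.arpa. qtype=PTR
10:00:06 client=198.51.100.7 qname=5.4.3.10.in-addr.arpa. qtype=PTR
"""
LINE_RE = re.compile(r"client=(\S+) qname=(\S+) qtype=(\S+)")


def ptr_name_to_ip(qname):
    """Map 'd.c.b.a.in-addr.arpa.' to IPv4Address a.b.c.d, else None."""
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if len(labels) != 4:  # zone-level or malformed reverse name
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ValueError:
        return None


def private_ptr_queries(log_text, source):
    """RFC 1918 addresses that `source` (the FortiMail IP) sent PTR queries for."""
    hits = []
    for client, qname, qtype in LINE_RE.findall(log_text):
        if client != source or qtype.upper() != "PTR":
            continue
        ip = ptr_name_to_ip(qname)
        if ip is not None and any(ip in net for net in RFC1918):
            hits.append(str(ip))
    return hits


if __name__ == "__main__":
    print(private_ptr_queries(SAMPLE_LOG, "203.0.113.25"))
```

The check uses the article's three ranges explicitly rather than Python's broader is_private attribute, so 172.32.0.1 is correctly treated as a public address that still gets looked up.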
