raka_hartawan
New Member
December 18, 2018
Question

What's the difference between recursive, non-recursive and forward to system DNS


Hi all,

I want to use a FortiGate as a DNS server. Could you explain the differences between recursive, non-recursive and forward to system DNS?

    1 reply

    lobstercreed
    New Member
    December 18, 2018

    Hi Raka,

    Basically it comes down to whether you host your own DNS records. If you don't, and simply want hosts on your network to forward DNS queries to the FortiGate which in turn forwards them to the Internet, then forward is definitely the mode you want.

    Here are a few articles that may help you further:

    https://www.fortinetguru.com/2016/12/dns-services/

    https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-networking-54/DNS%20Services/DNS%20Servers.htm

    http://help.fortinet.com/cli/fos60hlp/60/index.htm#FortiOS/fortiOS-cli-ref/config/system/dns-server.htm

    https://forum.fortinet.com/tm.aspx?m=108681

    - Daniel

    ede_pfau
    SuperUser
    December 18, 2018

    and

    - non-recursive: check local (FGT) DNS records and fail if not found

    - recursive: check local (FGT) DNS records and forward to system DNS if not found

    NB it's a good idea to use the FGT as a DNS proxy as DNS requests are cached. To avoid your users using malicious DNS you should block all DNS requests from LAN to WAN - it's the FGT which hosts should query exclusively. The FGT usually is configured to use a trusted DNS, either from your ISP or some well-known public DNS like quad4.
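
The setup described across the replies above, written out as a FortiOS CLI sketch. This is an added example, not part of either post; the interface names ("lan", "wan1"), the zone "corp.example" and all IP addresses are assumptions to replace with your own values.

```fortios
# Added example. Assumed names: "lan" (inside interface), "wan1" (outside
# interface), zone "corp.example". All addresses are constructed placeholders.

# System DNS: the trusted upstream resolvers the FortiGate itself queries.
config system dns
    set primary 192.0.2.53
    set secondary 192.0.2.54
end

# Local records hosted on the FortiGate (the "local (FGT) DNS records"
# consulted in recursive and non-recursive mode).
config system dns-database
    edit "corp-zone"
        set domain "corp.example"
        config dns-entry
            edit 1
                set type A
                set hostname "intranet"
                set ip 10.0.0.10
            next
        end
    next
end

# DNS service on the LAN interface. Pick one mode:
#   recursive      local records first, then forward to system DNS
#   non-recursive  local records only, fail if not found
#   forward-only   queries are forwarded to system DNS
config system dns-server
    edit "lan"
        set mode recursive
    next
end

# Deny direct DNS from LAN to WAN so hosts can only query the FortiGate.
# Place it above any policy that allows general outbound traffic.
config firewall policy
    edit 0
        set name "deny-lan-dns-out"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "DNS"
        set action deny
        set logtraffic all
    next
end
```

The predefined "DNS" service matches TCP and UDP port 53 only, so this policy does not cover DNS carried over TLS or HTTPS. Logging the denied traffic shows which hosts are still configured with an outside resolver.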