To know how to log in to FortiADC's shell mode, follow this article: Technical Tip: Get access to secure shell of FortiADC starting from v7.0.

# dig @127.0.0.1 followed by the domain name. For example:

/# dig @127.0.0.1 www.fortinet.com

; <<>> DiG 9.18.0 <<>> @127.0.0.1 fortinet.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22966

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: 27662f60cf534b060100000069273587600850f0040d4a1f (good)

;; QUESTION SECTION:

;fortinet.comUSA

;; ANSWER SECTION:

fortinet.com dnsfortiguard.net54.151.118.105

fortinet.com dnsfortiguard.net 54.177.212.176

;; AUTHORITY SECTION:

fortinet.com 86400defaultprimary.fortinet.com.

;; ADDITIONAL SECTION:

defaultprimary.fortinet.com.86400 IN A 127.0.0.1

;; Query time: 1 msec

;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)

;; WHEN: Wed Nov 26 12:14:47 -05 2025

;; MSG SIZE  rcvd: 157

Another method to check that FortiADC is able to resolve DNS records is through a direct DNS query against its interfaces in a listening state.

config global-dns-server general
    set listen-on-all-interface {enable|disable}
    set listen-on-interface <datasource>
end

By default, listen-on-all-interface is enabled, meaning that it is possible to perform a DIG or NSLOOKUP directly to any FortiADC interfaces.

CMD> nslookup -type={mx|cname|txt|a|aaaa|ptr|...} <FQDN-Domain> <FortiADC_IP-Add>