FortiADC
FortiADC enhances the scalability, performance, and security of your applications whether they are hosted on premises or in the cloud.
shafiq23
Staff & Editor
Article Id 393193
Description

This article describes how to restrict queries to a specific IP address with a DNS policy.


Pre-requisite:

A secondary IP address is configured on the network interface, and the DNS zone and its settings are already set up.

Scope

FortiADC GLB.
Solution

By default, when Global Load Balance is enabled, FortiADC listens for DNS queries on its network interface's physical IP address.

In some cases, a DNS zone must respond to queries on an IP address other than the one configured on the network interface, for instance a secondary IP address.

 

1.PNG

 

  • Network Interface: port2
  • IP address: 10.100.4.76
  • Secondary IP address: 10.100.4.77, 10.100.4.78
  • DNS zone: ftnt-lab.local
  • A Record: web.ftnt-lab.local

 

  • 10.100.4.77 will be assigned as Name Server 1.
  • 10.100.4.78 will be assigned as Name Server 2.

 

2.PNG

 

Steps to configure the DNS policy:

  1. Configure the DNS address group. Navigate to Global Load Balance -> Zone Tools -> Address Group -> Create New.

 

3.PNG

 

  2. Create a new DNS policy. Navigate to Global Load Balance -> Zone Tools -> Global DNS Policy -> Create New.

 

4.PNG

 

Note:

The configured DNS address group is used as the destination of the policy, because the query is always an inbound connection. Select the DNS zone to which the policy applies.

 

Steps to verify:

  1. Use the client workstation to initiate a DNS query.

Example:

dig @<ns-ip> <domain>

  • Use 10.100.4.77 or 10.100.4.78 as the DNS server.

 

5.PNG

 

The query is answered successfully from the FortiADC secondary IP address.

 

  • Use 10.100.4.76 (the FortiADC interface IP) as the DNS server.

 

6.PNG

 

The query is refused by the FortiADC network interface IP.
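To check both verification results without reading each dig output by hand, the following is an added Python example (not from the article or from FortiADC) that parses dig output and confirms the expected policy behaviour: the secondary IPs in the address group answer with the zone's A record, while the interface IP refuses. The dig output and the 10.100.4.100 answer address are constructed; the name server addresses and zone follow the article's topology.

```python
import re

# Constructed dig output, not captured from a real FortiADC. It mirrors the article's
# topology: 10.100.4.77/.78 are in the DNS address group, 10.100.4.76 is the interface IP.
SAMPLE_DIG_OUTPUT = {
    "10.100.4.77": (
        ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41001\n"
        ";; ANSWER SECTION:\n"
        "web.ftnt-lab.local.\t60\tIN\tA\t10.100.4.100\n"
        ";; SERVER: 10.100.4.77#53(10.100.4.77) (UDP)\n"
    ),
    "10.100.4.78": (
        ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41002\n"
        ";; ANSWER SECTION:\n"
        "web.ftnt-lab.local.\t60\tIN\tA\t10.100.4.100\n"
        ";; SERVER: 10.100.4.78#53(10.100.4.78) (UDP)\n"
    ),
    "10.100.4.76": (
        ";; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 41003\n"
        ";; SERVER: 10.100.4.76#53(10.100.4.76) (UDP)\n"
    ),
}
ALLOWED_NS = {"10.100.4.77", "10.100.4.78"}  # address group used by the Global DNS policy

def parse_dig(output):
    """Pull status, answering server and A records out of dig's text output."""
    status = re.search(r"status: (\w+)", output)
    server = re.search(r"SERVER: ([\d.]+)#\d+", output)
    records = re.findall(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)$", output, re.M)
    return {"status": status.group(1) if status else "NO_RESPONSE",  # timeout / no reply
            "server": server.group(1) if server else None, "a_records": records}

def check_policy(ns_ip, output, qname):
    """Return (ok, reason) comparing one dig result with the expected policy behaviour."""
    r = parse_dig(output)
    if r["server"] not in (None, ns_ip):
        return False, f"answer came from {r['server']}, not {ns_ip}"
    if ns_ip in ALLOWED_NS:  # secondary IPs must answer with the zone's A record
        if r["status"] != "NOERROR":
            return False, f"expected NOERROR from allowed NS, got {r['status']}"
        if not any(name.rstrip(".") == qname for name, _ in r["a_records"]):
            return False, f"no A record for {qname} in the answer"
        return True, "answered from the secondary IP"
    if r["status"] != "REFUSED":  # the interface IP must not serve the zone
        return False, f"expected REFUSED from interface IP, got {r['status']}"
    return True, "query refused as intended"

def verify_all(outputs=SAMPLE_DIG_OUTPUT, qname="web.ftnt-lab.local"):
    """Map each queried name server to its (ok, reason) verdict."""
    return {ns: check_policy(ns, out, qname) for ns, out in outputs.items()}
```

Feed real `dig @<ns-ip> <domain>` output into `verify_all` to repeat the check after a policy change; a missing HEADER line (timeout) is reported as NO_RESPONSE rather than treated as a refusal.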

 

Related document:

Configuring a Global DNS policy 
