Created on 09-30-2021 12:29 AM Edited on 08-16-2024 01:23 PM By Jean-Philippe_P
Description
This article describes how to configure different DNS servers for a specific VDOM.
When VDOMs are enabled on a FortiGate, the DNS servers set in global are used by all the VDOMs.
Solution
To configure different DNS servers for a specific VDOM, use the following CLI commands:
config vdom
edit <vdom name>
config system vdom-dns
set vdom-dns enable
set primary {ipv4-address}
set secondary {ipv4-address}
set source-ip {ipv4-address}
set interface-select-method [auto|sdwan|...]
set interface {string}
end
Example.
Global DNS.
dracarys-kvm13 (global) # show system dns
config system dns
set primary 10.40.0.3
set secondary 208.91.112.52
end
VDOM DNS.
dracarys-kvm13 # config vdom
dracarys-kvm13 (vdom) # edit internal
dracarys-kvm13 (internal) # show system vdom-dns
config system vdom-dns
set vdom-dns enable
set primary 8.8.8.8
set secondary 4.2.2.2
end
Configuration for DNS database VDOM:
Technical TIP: Different options of con... - Fortinet Community
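If the configured source-ip does not match an interface IP in the VDOM, the following error is returned:
x.x.x.x IP does not match any interface IP in the VDOM root.
node_check_object fail! for source-ip x.x.x.x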
Example:
config system vdom-dns
set vdom-dns enable
set primary 10.10.10.1
set secondary 10.10.10.2
set source-ip x.x.x.x
end
config system dns-database
edit "example.com"
set domain "example.com"
set authoritative disable
set forwarder "10.10.10.1"
set source-ip 192.168.10.1 <--- Interface IP.
next
end
dracarys-kvm13 (internal) # execute ping test.com
PING test.com (67.225.146.248): 56 data bytes
^C
--- test.com ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
dracarys-kvm13 (internal) # dia sniffer packet any "host 8.8.8.8 or host 4.2.2.2" 4 0 l
Using Original Sniffing Mode
interfaces=[any]
filters=[host 8.8.8.8 or host 4.2.2.2]
2021-09-29 12:52:26.960304 port3 out 10.40.51.13.3695 -> 8.8.8.8.53: udp 35
2021-09-29 12:52:29.264189 port3 out 10.40.51.13.3695 -> 4.2.2.2.53: udp 26
2021-09-29 12:52:29.303275 port3 in 4.2.2.2.53 -> 10.40.51.13.3695: udp 42
2021-09-29 12:52:31.966378 port3 out 10.40.51.13.3695 -> 4.2.2.2.53: udp 35
2021-09-29 12:52:32.005244 port3 in 4.2.2.2.53 -> 10.40.51.13.3695: udp 302
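The sniffer output above can also be checked mechanically. The following Python script is an added example, not part of the original article: it parses lines in the sniffer format shown above, counts DNS queries and replies per resolver, and flags any resolver that is not one of the VDOM's configured vdom-dns servers. The function name summarize is hypothetical, and the embedded capture is copied from the output above.

```python
import re
from collections import defaultdict

# Sample input: the sniffer lines shown in this article (verbosity 4, "l" timestamps).
CAPTURE = """\
2021-09-29 12:52:26.960304 port3 out 10.40.51.13.3695 -> 8.8.8.8.53: udp 35
2021-09-29 12:52:29.264189 port3 out 10.40.51.13.3695 -> 4.2.2.2.53: udp 26
2021-09-29 12:52:29.303275 port3 in 4.2.2.2.53 -> 10.40.51.13.3695: udp 42
2021-09-29 12:52:31.966378 port3 out 10.40.51.13.3695 -> 4.2.2.2.53: udp 35
2021-09-29 12:52:32.005244 port3 in 4.2.2.2.53 -> 10.40.51.13.3695: udp 302
"""

# <date> <time> <interface> <in|out> <src ip>.<src port> -> <dst ip>.<dst port>: udp <len>
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<intf>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): udp (?P<len>\d+)$"
)

def summarize(capture, vdom_dns):
    """Return (per-resolver stats, resolvers not in vdom_dns, resolvers that never replied)."""
    stats = defaultdict(lambda: {"queries": 0, "replies": 0})
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip banner lines such as "interfaces=[any]"
        if m["dir"] == "out" and m["dport"] == "53":
            stats[m["dst"]]["queries"] += 1
        elif m["dir"] == "in" and m["sport"] == "53":
            stats[m["src"]]["replies"] += 1
    unexpected = sorted(ip for ip in stats if ip not in vdom_dns)
    silent = sorted(ip for ip, s in stats.items() if s["queries"] and not s["replies"])
    return dict(stats), unexpected, silent

if __name__ == "__main__":
    # Resolvers taken from the "show system vdom-dns" output of VDOM "internal" above.
    stats, unexpected, silent = summarize(CAPTURE, {"8.8.8.8", "4.2.2.2"})
    for ip, s in stats.items():
        print(f"{ip}: {s['queries']} queries, {s['replies']} replies")
    print("resolvers outside vdom-dns:", unexpected or "none")
    print("resolvers that never replied:", silent or "none")
```

On the capture above it reports that all DNS traffic went to the two vdom-dns servers, that 8.8.8.8 was queried but did not reply, and that 4.2.2.2 answered both queries.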