Fortinet Community

js2 · ‎09-30-2021

Description
Having VDOM enabled in FortiGate, DNS set in global will be used by all the VDOMs.

This article describes how to configure different DNS servers for a specific VDOM.

Solution
To Configure different DNS servers for a specific VDOM please follow below steps.

# config vdom
    edit <vdom name>
        set primary {ipv4-address}
        set secondary {ipv4-address}
        set source-ip {ipv4-address}
        set interface-select-method [auto|sdwan|...]
        set interface {string}
    end

Example.

Global DNS.

dracarys-kvm13 (global) # show system dns
# config system dns
set primary 10.40.0.3
set secondary 208.91.112.52
end

VDOM DNS.

dracarys-kvm13 # config vdom
dracarys-kvm13 (vdom) edit internal
dracarys-kvm13 (internal) # show system vdom-dns
# config system vdom-dns
    set vdom-dns enable
    set primary 8.8.8.8
    set secondary 4.2.2.2
end

- When FQDN is pinged from internal VDOM, it will use vdom-dns instead of DNS set in Global.

dracarys-kvm13 (internal) # execute ping test.com
PING test.com (67.225.146.248): 56 data bytes
^C
--- test.com ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

dracarys-kvm13 (internal) # dia sniffer packet any "host 8.8.8.8 or host 4.2.2.2" 4 0 l
Using Original Sniffing Mode
interfaces=[any]
filters=[host 8.8.8.8 or host 4.2.2.2]

2021-09-29 12:52:26.960304 port3 out 10.40.51.13.3695 -> 8.8.8.8.53: udp 35
2021-09-29 12:52:29.264189 port3 out 10.40.51.13.3695 -> 4.2.2.2.53: udp 26
2021-09-29 12:52:29.303275 port3 in 4.2.2.2.53 -> 10.40.51.13.3695: udp 42
2021-09-29 12:52:31.966378 port3 out 10.40.51.13.3695 -> 4.2.2.2.53: udp 35
2021-09-29 12:52:32.005244 port3 in 4.2.2.2.53 -> 10.40.51.13.3695: udp 302

Fortinet Community

Technical Tip: Configuration per VDOM DNS