FortiGate
js2
Staff
Article Id 190815
Description
When VDOMs are enabled on a FortiGate, the DNS servers configured in the global context are used by all VDOMs.

This article describes how to configure different DNS servers for a specific VDOM.

Solution
To configure different DNS servers for a specific VDOM, enter that VDOM, enable vdom-dns and set its servers (this is the same structure the example below shows):
config vdom
    edit <vdom name>
        config system vdom-dns
            set vdom-dns enable
            set primary {ipv4-address}
            set secondary {ipv4-address}
            set source-ip {ipv4-address}
            set interface-select-method [auto|sdwan|...]
            set interface {string}
        end
    next
end
Example.

Global DNS:
dracarys-kvm13 (global) # show system dns
config system dns
    set primary 10.40.0.3
    set secondary 208.91.112.52
end

VDOM DNS:
dracarys-kvm13 # config vdom
dracarys-kvm13 (vdom) # edit internal
dracarys-kvm13 (internal) # show system vdom-dns
config system vdom-dns
    set vdom-dns enable
    set primary 8.8.8.8
    set secondary 4.2.2.2
end
- When an FQDN is pinged from the internal VDOM, the lookup uses the vdom-dns servers instead of the DNS servers set in global. The sniffer capture below confirms this: the queries go to 8.8.8.8 and 4.2.2.2 only (8.8.8.8 does not answer in this capture, so the secondary 4.2.2.2 returns the response), and no query is sent to the global servers.
dracarys-kvm13 (internal) # execute ping test.com
PING test.com (67.225.146.248): 56 data bytes
^C
--- test.com ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

dracarys-kvm13 (internal) # dia sniffer packet any "host 8.8.8.8 or host 4.2.2.2" 4 0 l
Using Original Sniffing Mode
interfaces=[any]
filters=[host 8.8.8.8 or host 4.2.2.2]

2021-09-29 12:52:26.960304 port3 out 10.40.51.13.3695 -> 8.8.8.8.53: udp 35
2021-09-29 12:52:29.264189 port3 out 10.40.51.13.3695 -> 4.2.2.2.53: udp 26
2021-09-29 12:52:29.303275 port3 in 4.2.2.2.53 -> 10.40.51.13.3695: udp 42
2021-09-29 12:52:31.966378 port3 out 10.40.51.13.3695 -> 4.2.2.2.53: udp 35
2021-09-29 12:52:32.005244 port3 in 4.2.2.2.53 -> 10.40.51.13.3695: udp 302
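Reading a sniffer capture by eye is fine for one VDOM, but a quick check that per-VDOM DNS really is in effect (and that the global resolvers are not being used) is easy to script. The following is an added example, not part of the article or of FortiOS: it parses `show system dns` / `show system vdom-dns` output and the `diagnose sniffer packet` lines above (sample text constructed after the article), works out which resolvers the VDOM should be using, and reports any port-53 query sent elsewhere and any resolver that was queried but never answered.

```python
import re
from typing import Dict, Set

# Constructed sample input modelled on the article's output (not from a live device).
GLOBAL_DNS_CONFIG = """config system dns
    set primary 10.40.0.3
    set secondary 208.91.112.52
end
"""
VDOM_DNS_CONFIG = """config system vdom-dns
    set vdom-dns enable
    set primary 8.8.8.8
    set secondary 4.2.2.2
end
"""
SNIFFER_OUTPUT = """2021-09-29 12:52:26.960304 port3 out 10.40.51.13.3695 -> 8.8.8.8.53: udp 35
2021-09-29 12:52:29.264189 port3 out 10.40.51.13.3695 -> 4.2.2.2.53: udp 26
2021-09-29 12:52:29.303275 port3 in 4.2.2.2.53 -> 10.40.51.13.3695: udp 42
2021-09-29 12:52:31.966378 port3 out 10.40.51.13.3695 -> 4.2.2.2.53: udp 35
2021-09-29 12:52:32.005244 port3 in 4.2.2.2.53 -> 10.40.51.13.3695: udp 302
"""

SET_RE = re.compile(r"^\s*set\s+(\S+)\s+(.+?)\s*$")
# date time iface dir src.sport -> dst.dport: proto len   (FortiOS sniffer verbosity 4)
PKT_RE = re.compile(r"^\S+ \S+ (\S+) (in|out) (\S+)\.(\d+) -> (\S+)\.(\d+): (\w+) (\d+)$")

def parse_dns_config(text: str) -> Dict[str, str]:
    """Collect the 'set <key> <value>' lines of a dns / vdom-dns config block."""
    return {m.group(1): m.group(2) for line in text.splitlines() if (m := SET_RE.match(line))}

def audit_dns_traffic(global_cfg: str, vdom_cfg: str, sniffer: str) -> Dict[str, object]:
    """Compare the resolvers the VDOM should use with the ones the capture shows it using."""
    g, v = parse_dns_config(global_cfg), parse_dns_config(vdom_cfg)
    # With vdom-dns disabled, the VDOM falls back to the global servers.
    active = v if v.get("vdom-dns") == "enable" else g
    expected: Set[str] = {active[k] for k in ("primary", "secondary") if k in active}
    queried, answered, unexpected = set(), set(), []
    for line in sniffer.splitlines():
        m = PKT_RE.match(line)
        if not m:
            continue
        direction, src, sport, dst, dport = m.group(2), m.group(3), m.group(4), m.group(5), m.group(6)
        if direction == "out" and dport == "53":      # query leaving the VDOM
            queried.add(dst)
            if dst not in expected:
                unexpected.append(line)
        elif direction == "in" and sport == "53":     # answer coming back
            answered.add(src)
    return {"expected": expected, "queried": queried, "answered": answered,
            "unexpected": unexpected, "unanswered": queried - answered}
```

Running `audit_dns_traffic(GLOBAL_DNS_CONFIG, VDOM_DNS_CONFIG, SNIFFER_OUTPUT)` on the sample reports no unexpected queries and lists 8.8.8.8 as queried but unanswered, which matches what the article's capture shows.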
