ametkola
Staff
Article Id 271211
Description This article describes how to change the maximum number of DNS resource records that can be added to a secondary zone.
Scope FortiGate v7.0.
Solution

Records are added during the AXFR zone transfer until the maximum is reached.

The default maximum is 16384, and this value can be changed.

Run the dnsproxy debug to confirm that the limit is being reached:

diagnose debug application dnsproxy -1
diagnose debug enable

 

[worker 0] dnszone_refresh_parent_read()-1599: zone=bigzone1.ch received rr from child
[worker 0] dnszone_secondary_request_axfr()-1467: zone=bigzone1.ch waiting for confirmation
[worker 0] dnszone_secondary_request_axfr()-1279: zone=bigzone1.ch received AXFR response (id=0x3442 rcode=0)
[worker 0] dnszone_secondary_request_axfr()-1317: too many records=16385 (max=16384)

 

diagnose debug disable
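
The "too many records" line in the debug output above has no zone= field, so attributing it to a zone means correlating it with earlier lines from the same worker. The following Python script is an added example (not Fortinet code and not part of the original article) that does this over a saved debug capture. The second worker and the zone small.example in the sample are constructed, and correlating by worker id is an assumption based on the sample output.

```python
import re

# Constructed sample: the article's debug lines, plus one hypothetical line
# from a second worker (zone "small.example") interleaved between them.
SAMPLE = """\
[worker 0] dnszone_refresh_parent_read()-1599: zone=bigzone1.ch received rr from child
[worker 0] dnszone_secondary_request_axfr()-1467: zone=bigzone1.ch waiting for confirmation
[worker 0] dnszone_secondary_request_axfr()-1279: zone=bigzone1.ch received AXFR response (id=0x3442 rcode=0)
[worker 1] dnszone_secondary_request_axfr()-1279: zone=small.example received AXFR response (id=0x1a2b rcode=0)
[worker 0] dnszone_secondary_request_axfr()-1317: too many records=16385 (max=16384)
"""

LINE = re.compile(r"^\[worker (\d+)\]\s+\w+\(\)-\d+:\s+(.*)$")
ZONE = re.compile(r"\bzone=(\S+)")
OVERFLOW = re.compile(r"too many records=(\d+) \(max=(\d+)\)")
RR_MAX_CEILING = 65536  # upper bound quoted in the article's CLI help


def find_truncated_zones(text):
    """Return one dict per 'too many records' line, with its zone resolved.

    The overflow line has no zone= field, so the zone is taken from the most
    recent zone= line logged by the same worker (assumption from the sample).
    """
    last_zone = {}  # worker id -> zone that worker last mentioned
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # CLI prompts, blank lines, unrelated output
        worker, msg = int(m.group(1)), m.group(2)
        zone = ZONE.search(msg)
        if zone:
            last_zone[worker] = zone.group(1)
        over = OVERFLOW.search(msg)
        if over:
            seen, limit = int(over.group(1)), int(over.group(2))
            hits.append({
                "worker": worker,
                "zone": last_zone.get(worker),  # None if no zone seen yet
                "records_seen": seen,
                "rr_max": limit,
                "can_raise": limit < RR_MAX_CEILING,  # room left below ceiling
            })
    return hits


if __name__ == "__main__":
    for hit in find_truncated_zones(SAMPLE):
        print(hit)
```

In the sample the logged count is max + 1, so take the zone's real size from the primary when choosing a new rr-max rather than from this line.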

 

To modify this value:

config system dns-database
    edit 'name'    <----- Zone name.
        set rr-max <integer>    <----- 10 - 65536, 0 means infinite.
    next
end

 

rr-max Enter an integer value from <10> to <65536> or (special = <0>) (default = <16384>).

set ?
rr-max Maximum number of resource records (10 - 65536, 0 means infinite).