Technical Tip: How to Verify DNS Root Server and Authoritative Name Server IP Information in a FortiGate

nithincs · ‎06-27-2025

Description

This article provides information on how to verify the root name servers and authoritative name server details that a FortiGate device learns while performing DNS lookups as a DNS resolver.

Scope

FortiGate V7.6.

Solution

To get the details of the root name servers that your FortiGate is aware of, execute the following command in the FortiGate CLI:

diagnose test application dnsproxy 19

Example Output:

The command will display a list of the 13 root name servers, their IP addresses, and authoritative name servers learned while performing the recursive DNS lookup for the client. The output will look similar to this:

diagnose test application dnsproxy 19

worker idx: 0
name=windows.com label_count=2 ns_count=4
name=geo.fortinet.net label_count=3 ns_count=3
name=fortinet.net label_count=2 ns_count=3
.
.
.

name=. label_count=0 ns_count=13
ns=c.root-servers.net A=192.33.4.12 use=1
ns=d.root-servers.net A=199.7.91.13 use=1
ns=e.root-servers.net A=192.203.230.10 use=1
ns=f.root-servers.net A=192.5.5.241 use=1
ns=g.root-servers.net A=192.112.36.4 use=1
ns=h.root-servers.net A=198.97.190.53 use=1
ns=i.root-servers.net A=192.36.148.17 use=1
ns=j.root-servers.net A=192.58.128.30 use=1
ns=k.root-servers.net A=193.0.14.129 use=1
ns=l.root-servers.net A=199.7.83.42 use=1
ns=m.root-servers.net A=202.12.27.33 use=1
ns=a.root-servers.net A=198.41.0.4 use=1
ns=b.root-servers.net A=199.9.14.201 use=1

Technical Tip: How to Verify DNS Root Server and Authoritative Name Server IP Information in a FortiGate

You are leaving our website