Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
snadgir
Staff
Staff

Created on ‎01-01-2025 10:36 PM Edited on ‎09-18-2025 10:31 PM By Moderator

Article Id 367591

Technical Tip: How to configure DNS database for a locally hosted website

Description

 

This article describes how to create a DNS database for a website that is hosted in the local network.

 

Scope

 

FortiGate.

 

Solution

 

Local DNS servers can be created for a network. Depending on the specific requirements, entries can either be manually managed (via a primary DNS server) or configured to reference an external source (as a secondary DNS server).

 

A local primary DNS server requires the manual addition of all URL and IP address combinations. 

 

Configuration steps from the GUI:

 

  1. Go to System -> Feature Visibility and enable DNS Database under additional features.


image (27).png

 

  1. Navigate to Network -> DNS Servers and create a New DNS Database.

 

image (29).png

 

If the view is set to shadow, it can be used by only internal users. Choose a DNS zone and mention the domain name of that zone as shown in the example above.

 

Mention the hostname of the DNS server along with the contact email address for the administrator. Disable the Authoritative option because IP addresses can change, and maintaining the list can become labor-intensive.

 

  1.  Add DNS entries:

 

image (30).png

In the above image, the FQDN is considered based on the mentioned hostname along with the domain name.

 

The DNS Entry also helps the FortiGate locally resolve FQDN (mywebsite3.com) to an IP address (192.168.100.10).

Verify the FQDN resolution by initiating pings on FortiGate.

 

exe ping mywebsite3.com
PING mywebsite3.com (192.168.100.10): 56 data bytes
64 bytes from 192.168.100.10: icmp_seq=0 ttl=64 time=0.6 ms
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.5 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.5 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.4 ms
64 bytes from 192.168.100.10: icmp_seq=4 ttl=64 time=0.4 ms

--- mywebsite3.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.4/0.4/0.6 ms

 

  1. Create a DNS Service on the interface:

   image (31).png

 

In the above image, port1 is chosen as the device from where the IP address that needs to be resolved are located behind it.

   image (33).png

 

  1. Set the DNS server as the default gateway of the firewall. In the above scenario, it is set as 172.16.32.1 (IP address of port1):

                                  image (32).png

 

After the DNS server is mentioned, to test, perform an nslookup of the FQDN, which would resolve to the internal IP address hosted in the LAN network.

 

image (34).png

1311
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.