akileshc
Staff
Article Id 323124
Description This article explains how to configure FQDN addresses to resolve using a DNS database instead of the system DNS.
Scope FortiGate.
Solution

In certain network environments, it is necessary to resolve specific FQDN entries to a local server's IP address. This can be done by configuring the DNS database on FortiGate rather than relying on the system's default DNS.

For example, suppose the domain address 'mail.fortilab.com' must be configured as an FQDN address so that it resolves to the IP address '1.1.1.1'.

 

From the GUI: go to Network -> DNS Servers:

[Screenshot: DNS_database.PNG]

From the CLI:

config system dns-database
    edit "fortilab"
        set domain "fortilab.com"
        config dns-entry
            edit 1
                set hostname "mail"
                set ip 1.1.1.1
            next
        end
    next
end

config firewall address
    edit "mail"
        set uuid 31ba31c6-3550-51ef-0493-b2fa39fb5131
        set type fqdn
        set fqdn "mail.fortilab.com"
    next
end

To verify that the FQDN address resolves to the configured IP address:

# di firewall fqdn list-ip | grep mail.fortilab.com -A5
fqdn_u 0xebb59b0 mail.fortilab.com: type:(1) ID(8) count(1) generation(2) data_len:13 flag: 1
ip list: (1 ip in total)
ip: 1.1.1.1
Total ip fqdn range blocks: 1.
Total ip fqdn addresses: 1.
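
Because firewall policies that reference an FQDN address match whatever IPs the FortiGate currently resolves for it, it is useful to check the 'list-ip' output against the IPs that are expected. The following is an added example, not part of the original article or Fortinet code: a Python parser for the output format shown above that reports unexpected or missing IPs. The sample text, the 'files.fortilab.com' entry and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format shown above; the second entry is hypothetical.
SAMPLE = """\
fqdn_u 0xebb59b0 mail.fortilab.com: type:(1) ID(8) count(1) generation(2) data_len:13 flag: 1
ip list: (1 ip in total)
ip: 1.1.1.1
fqdn_u 0xebb5a40 files.fortilab.com: type:(1) ID(9) count(2) generation(1) data_len:14 flag: 1
ip list: (2 ip in total)
ip: 10.0.0.5
ip: 203.0.113.7
Total ip fqdn range blocks: 3.
Total ip fqdn addresses: 3.
"""

HEADER = re.compile(r"^fqdn_u\s+\S+\s+(\S+?):\s")  # captures the FQDN name
IP_LINE = re.compile(r"^ip:\s*(\S+)")               # does not match "ip list: ..."

def parse_fqdn_list(text):
    """Return {fqdn: set of resolved IPs} from 'list-ip' output."""
    result, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, set())
            continue
        m = IP_LINE.match(line)
        if m and current is not None:
            result[current].add(m.group(1))
    return result

def find_drift(resolved, expected):
    """Return {fqdn: (unexpected_ips, missing_ips)} for entries that differ."""
    drift = {}
    for fqdn, want in expected.items():
        got = resolved.get(fqdn, set())
        unexpected, missing = got - want, want - got
        if unexpected or missing:
            drift[fqdn] = (unexpected, missing)
    return drift

if __name__ == "__main__":
    # Expected mapping is an assumption: what the local DNS database should return.
    expected = {"mail.fortilab.com": {"1.1.1.1"}, "files.fortilab.com": {"10.0.0.5"}}
    for fqdn, (extra, missing) in find_drift(parse_fqdn_list(SAMPLE), expected).items():
        print(f"{fqdn}: unexpected={sorted(extra)} missing={sorted(missing)}")
```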
