Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
subramanis
Staff
Staff

Created on ‎01-03-2022 02:43 AM

Article Id 202398

Technical Tip: Local DNS records and Non-local DNS records

Description This article describes that Local DNS records do resolve but Non-local DNS records do not resolve.
Scope Users should resolve only on the local database, it should not send the request to the system DNS if there are no records found in the local database.
Solution

kb-image.JPG

 

DNS configuration on the firewall.

 

# config system dns-databas
    edit "demo"
        set domain "demo.com"
        set view public
# config dns-entr
    edit 1
        set hostname "fgt"
        set ip 1.2.3.4


Enabling the DNS server on the interface.

 

# config system dns-serve
    edit "wan1"
        set mode non-recursive

 

Now the user can only resolve the local DNS records and Non-local records do not resolve.

 

C:\Users\fortinet>nslookup
Default Server: UnKnown
Address: 10.253.4.134

> fgt.demo.com
Server: UnKnown
Address: 10.253.4.134

Name: fgt.demo.com
Address: 1.2.3.4

 

> google.com
Server: UnKnown
Address: 10.253.4.134

*** UnKnown can't find google.com: Non-existent domain
Labels:
2295
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.