|
Administrators may try to use a wildcard domain in the FortiGate DNS database to:
-
Resolve subdomains of an internal domain, or:
-
Forward DNS queries for multiple domains without changing system-wide DNS.
Example scenario:
*.subdomain.local → 10.10.10.50
FortiGate DNS servers will store the wildcard record, but:
-
In secondary/shadow DNS, wildcard records only resolve if queried exactly as stored.
-
In DNS database forwarding, wildcard entries are treated as literal names rather than applying to all subdomains.
Verification:
- To verify, check the DNS database using:
diagnose test application dnsproxy 8
- To test resolution from the FortiGate:
execute ping anything.subdomain.local -----> It will return Unable to resolve hostname.
Currently, this is considered a New Feature Request.
Workarounds:
- Forward queries for the Specific Domains:
config system dns-database
edit "subdomain.local"
set authoritative disable
set forwarder 10.10.10.10
next
end
Queries for all subdomains of subdomain.local will be resolved correctly by the primary DNS server.
-
Add Explicit A-Records.
If only a few subdomains are required, manually add entries in the FortiGate DNS database:
config system dns-database
edit "subdomain.local"
config dns-entry
edit "app.subdomain.local"
set type A
set ip 10.10.10.50
next
end
next
end
Note: It is not suitable for large or dynamic sets of subdomains.
|
