FortiGate
mle2802
Staff
Article Id 414728
Description This article describes how to troubleshoot an issue where FortiGate, acting as a DNS server, does not resolve internal DNS queries.
Scope FortiGate.
Solution

To configure FortiGate as a DNS server, follow the steps in this document: FortiGate DNS server | FortiGate / FortiOS 7.6.4 | Fortinet Document Library.

To configure a DNS server, go to Network -> DNS Servers. If the option is not visible, go to System -> Feature Visibility and enable DNS Database in the Additional Features section.


From the CLI:

config system dns-server
    edit "port2"
    next
end

Verify that the DNS entry is properly configured on FortiGate to resolve internal DNS queries. To do so, go to Network -> DNS Servers and double-click on the DNS database.



From the CLI:

config system dns-database
    edit "TAC"
        set domain "tac.local"
        config dns-entry
            edit 1
                set hostname "test"
                set ip 192.168.100.1
            next
        end
    next
end


From the client side, DNS is resolved for public DNS queries but not internal ones.

This happens due to the DNS zone being set to 'public' instead of 'shadow'. Refer to this document for more information regarding the different view types in a DNS zone: Technical Tip: DNS Database view type Shadow and Public for explicit proxy.

To verify the view type, go to Network -> DNS Servers and double-click on the DNS database.

Switch the view type to 'shadow' and confirm internal DNS queries are resolvable.
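
The following check is an added example, not part of the original article: it scans a saved configuration for DNS databases whose view is 'public' while their entries point at private addresses, which is the condition described above. The configuration excerpt is constructed, and the script assumes the view type appears in the backup as `set view public` or `set view shadow` under `config system dns-database`; zones without an explicit view line are not flagged.

```python
import ipaddress
# Constructed FortiOS backup excerpt (not from the article); assumes "set view public|shadow".
SAMPLE_CONFIG = """
config system dns-database
    edit "TAC"
        set domain "tac.local"
        set view public
        config dns-entry
            edit 1
                set hostname "test"
                set ip 192.168.100.1
            next
        end
    next
    edit "LAB"
        set view shadow
        config dns-entry
            edit 1
                set ip 10.0.0.5
            next
        end
    next
end
"""

def public_zones_with_private_ips(config_text):
    """Return (zone, domain, private_ips) for zones with view 'public' holding private IPs."""
    findings, in_db, depth, zone = [], False, 0, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line == "config system dns-database":
            in_db, depth = True, 0
        elif not in_db or not line:
            continue
        elif line.startswith("config "):   # nested table such as dns-entry
            depth += 1
        elif line == "end":                # closes nested table, or the whole section
            in_db, depth = depth > 0, max(depth - 1, 0)
        elif line.startswith("edit ") and depth == 0:
            zone = {"name": line[5:].strip('"')}
        elif line == "next" and depth == 0 and zone:
            ips = [ip for ip in zone.get((1, "ip"), []) if ipaddress.ip_address(ip).is_private]
            if zone.get((0, "view")) == ["public"] and ips:
                findings.append((zone["name"], zone.get((0, "domain"), [None])[0], ips))
            zone = None
        elif line.startswith("set ") and zone:
            key, _, value = line[4:].partition(" ")   # stored per nesting depth
            zone.setdefault((depth, key), []).append(value.strip('"'))
    return findings
```

Calling `public_zones_with_private_ips()` on the text of a configuration backup returns one tuple per zone to review; an empty list means no zone matched.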

