echo
Contributor II

Which DNS-server mode to use?

Hello! I wanted to ask about the "config system dns-server" parameters. I defined a DNS server on one interface (FortiGate 100D, 5.0, GA Patch 4) and there are three modes to choose from. I chose "forward-only" because that's what I wanted to achieve and it works. I want the FG also to cache queries. Does "forward-only" include caching? If not, should I set the mode to "recursive", because the description says that it first looks up the name in the local database and then relays the request to the FortiGate unit's DNS servers? More specifically, I didn't understand the meaning of "local database". This is mentioned in the case when there are zones defined in FortiGate, but there aren't any. Does that mean that after choosing "recursive", the DNS query performs a local lookup which finds nothing and then queries other DNS servers (so that it will be unnecessarily slower because of the first extra step), or does it really cache queries and look up the cache first, which makes responses faster?
ede_pfau
Esteemed Contributor III

DNS queries are always cached. Recursive lookup mode allows you to maintain a local DNS. In a SOHO environment, this can be convenient. First, the FGT looks up the local DNS zone info and, if nothing matches, it then queries the system DNS. If you don't want to run a local DNS on the FGT then use the 'Forward' mode.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
echo
Contributor II

OK, I see that I should leave it as it is then. I also found that there are parameters for configuring that cache, which hints that it is there anyway. Thank you.