Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

DNS Proxy / Redirection based on (wildcard) domainname

Hi all,


I want to configure the following:

Use the Fortigate as DNS server.

When a user enters a specific text(eg:acceptance.location) in the URL/Domain like '' i want the DNS request forwarded to a group of DNS servers(

When a users enters a specific text(eg:production.location) in the URL/Domain like '' i want the DNS request forwarded to a group of DNS servers(


Is this possible on our Fortigate V6.0.0?


Kind regards,



New Contributor

Hi all,


No one got a clue if this works or how to solve this?




Valued Contributor III

As far as I am aware, this is done on the DNS server with zones. I'm not aware of any mechanism on a Fortigate that would do this. One DNS server would forward requests to the second. (actually it would act as a slave and use records from the primary)

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at:

Bob - self proclaimed posting junkie!See my Fortigate related scripts at:

if a DNS is not authoritative for a domain (i.e. it does not have a zone for it at all) it will ask the root dns servers who is authoritative and then forward the request to it. This is standard DNS protocoll.

If the root dns dont know that domain too it will state "NXDOMAIN" (i.e. doesn't exist/cannot be resolved).


if it is authortiative (i.e. it has a zone for the domain) it will use the information in its zone to resolve it.

FortiGate's DNS Server can manage zones.


However you cannot afaik forward DNS Traffic specific for a domain. DNS Forward will only forward all.

Maybe you could do it with a policy that only allows DNS for domain #1 to the correct server. But I never tried that, so not sure if it would work...


"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
New Contributor

Hi all,

Thanks for your answers.

This seems what i'm look for:

DNS Request Routing -









yes it probably is. Am just not sure if this is supported by FortiOS...


"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Top Kudoed Authors