What's difference between recursive, non recursive and forward to system dns

raka_hartawan · ‎12-17-2018

Hi all,

I want to use fortigate as DNS Server. So May you explain for differences between recursive, non recursive and forward to system dns?

lobstercreed · ‎12-18-2018

Hi Raka,

Basically it comes down to whether you host your own DNS records. If you don't, and simply want hosts on your network to forward DNS queries to the FortiGate which in turn forwards them to the Internet, then forward is definitely the mode you want.

Here are a few articles that may help you further:

https://www.fortinetguru.com/2016/12/dns-services/

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-networking-54/DNS%20Services/DNS%20S...

http://help.fortinet.com/cli/fos60hlp/60/index.htm#FortiOS/fortiOS-cli-ref/config/system/dns-server....

https://forum.fortinet.com/tm.aspx?m=108681

- Daniel

ede_pfau · ‎12-18-2018

and

- non-recursive: check local (FGT) DNS records and fail if not found

- recursive: check local (FGT) DNS records and forward to system DNS if not found

NB it's a good idea to use the FGT as DNS proxy as DNS requests are cached. To avoid your users using malicious DNS you should block all DNS requests from LAN to WAN - it's the FGT which hosts should query exclusively. The FGT usually is configured to use a trusted DNS, either from your ISP or some well-known public DNS like quad4.

Ede Kernel panic: Aiee, killing interrupt handler!

What's difference between recursive, non recursive and forward to system dns

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website