Hello! I wanted to ask about "config system dns-server" parameters. I defined a DNS server on one interface (FortiGate 100D, 5.0, GA Patch 4) and there are three modes to choose from. I chose "forward-only" because that's what I wanted to achieve and it works.
I want FG also to cache queries. Does "forward-only" include caching? If not, should I set the mode to "recursive", because the description says that it first looks up the name in the local database and then relays the request to the FortiGate unit's DNS servers?
More specifically, I didn't understand the meaning of "local database". This is mentioned in the case when there are zones defined in FortiGate, but there aren't any. Does that mean that after choosing "recursive", the dns-query performs a local lookup which finds nothing and then queries other DNS servers (so that it will be unnecessarily slower because of the first extra step), or does it really cache queries and look up the cache first, which makes responses faster?
DNS queries are always cached.
Recursive lookup mode allows you to maintain a local DNS. In a SOHO environment, this can be convenient. First, the FGT looks up the local DNS zone info and, if nothing matches, it then queries the system DNS.
If you don't want to run a local DNS on the FGT then use the 'Forward' mode.