Configuring FortiGate DNS Server for Optimal Network Performance
Introduction
Configuring a DNS server on your FortiGate device can greatly enhance network efficiency and security. Whether you're managing a small business or a large enterprise, understanding how to set up FortiGate as a DNS server is crucial. This guide walks you through the steps to configure your FortiGate device as either a primary or a secondary DNS server, and shows how to use advanced features such as DNS over HTTPS.
Understanding FortiGate DNS Server Roles
Before diving into the configuration steps, it's important to understand the roles a FortiGate DNS server can play:
- Primary DNS Server: Maintain all hostname-to-IP-address mappings in-house, reducing traffic and lookup time while minimizing reliance on external DNS servers.
- Secondary DNS Server: Acts as a backup by replicating a zone from an external primary DNS server, providing redundancy and load balancing.
Steps to Configure the FortiGate as a DNS Server
Let's explore the detailed steps to set up FortiGate as a DNS server via the GUI and CLI.
Configuring FortiGate DNS Server through GUI
Enable DNS Server Options:
- Go to System > Feature Visibility.
- Enable DNS Database in the Additional Features section and click Apply.
Set up DNS Services:
- Navigate to Network > DNS Servers and enable DNS services on an interface.
- In the DNS Service on Interface table, click Create New.
- Configure the following settings:
  - Interface: Choose the interface to enable DNS service on.
  - Mode: Select from Recursive, Non-Recursive, or Forward to System DNS.
  - DNS Filter: Apply a DNS filter profile (not available in Non-Recursive mode).
  - DNS over HTTPS: Activate this for secure DNS resolution.
- Click OK.
Add DNS Entries:
- In the DNS Database table, click Create New to build the DNS database.
- Configure the Type, View, Zone, Domain Name, and other settings as needed, ensuring you choose whether it’s a Primary or Secondary zone.
Configuring FortiGate DNS Server through CLI
If you prefer using CLI for your FortiGate setup, follow these steps:
Configure DNS Servers:
config system dns-server
    edit <name>
        set dnsfilter-profile {string}
        set doh {enable | disable}
        set mode {recursive | non-recursive | forward-only}
    next
end
Set Up DNS Database:
config system dns-database
    edit <name>
        set authoritative {enable | disable}
        set contact {string}
        set domain {string}
        set forwarder {user}
        set primary-name {string}
        set ttl {integer}
        set type {primary | secondary}
        set view {shadow | public | shadow-ztna | proxy}
        config dns-entry
            edit <id>
                set status {enable | disable}
                set type {A | NS | CNAME | MX | AAAA | PTR | PTR_V6}
                set ttl {integer}
                set ip {ipv4-address-any}
                set ipv6 {ipv6-address}
                set hostname {string}
                set canonical-name {string}
            next
        end
    next
end
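The two CLI templates above filled in with concrete values, as an added example that is not part of the guide or of Fortinet's documentation. The interface names ("internal", "wan1"), zone names, addresses and the forwarder IP for the secondary zone are assumptions chosen for illustration; the security point it shows is that only the LAN-facing interface runs in recursive mode, while the Internet-facing interface answers only for zones held in the DNS database.

```fortios
# Added example (not from the guide); interface names, zones and addresses are illustrative assumptions.
config system dns-server
    edit "internal"
        # LAN side: full resolver with filtering and DoH for clients
        set mode recursive
        set dnsfilter-profile "default"
        set doh enable
    next
    edit "wan1"
        # Internet side: answer only for DNS-database zones, so the FortiGate never acts as an open recursive resolver
        set mode non-recursive
    next
end
config system dns-database
    edit "corp-internal"
        # Primary zone kept internal (shadow view), authoritative for corp.example.com
        set domain "corp.example.com"
        set type primary
        set view shadow
        set authoritative enable
        set primary-name "ns1.corp.example.com"
        set contact "hostmaster@corp.example.com"
        set ttl 3600
        config dns-entry
            edit 1
                set type A
                set hostname "ns1"
                set ip 10.10.0.2
            next
            edit 2
                set type A
                set hostname "intranet"
                set ip 10.10.0.20
            next
            edit 3
                set type CNAME
                set hostname "wiki"
                set canonical-name "intranet.corp.example.com"
            next
        end
    next
    edit "partner-secondary"
        # Secondary zone: replicates partner.example.net from its primary server (assumed address)
        set domain "partner.example.net"
        set type secondary
        set view shadow
        set forwarder "10.20.0.5"
    next
end
```

After applying it, a query for intranet.corp.example.com from a client on "internal" is answered from the local zone, while the same name is not served to queries arriving on "wan1" because the zone is in the shadow view.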
Conclusion
Employing FortiGate as a DNS server allows for significant improvements in network management by reducing reliance on external DNS services and enhancing speed along with security via protocols like DNS over HTTPS. Follow the steps detailed in this guide to optimize your FortiGate’s capabilities, ensuring your network operates smoothly and efficiently.
For further detailed configurations, visit the official FortiGate documentation.