1.1 Ensure DNS server is configured

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Fortinet uses the Domain Name Service (DNS) to translate host names into IP addresses. To enable DNS lookups, you must specify the primary DNS server for your system. You can also specify secondary and tertiary DNS servers. When resolving host names, the system consults the primary name server. If a failure or time-out occurs, the system consults the secondary name server.

For security purposes, trusted DNS servers should be configured to prevent man-in-the-middle attacks.

Rationale:

The purpose is to perform the resolution of system hostnames to Internet Protocol (IP) addresses using trusted DNS servers.

Solution

In this example, we will assign 8.8.8.8 as primary DNS and 8.8.4.4 as secondary DNS.
In CLI:

FGT1 # config system dns
FGT1 (dns) # set primary 8.8.8.8
FGT1 (dns) # set secondary 8.8.4.4
FGT1 (dns) # end
FGT1 #

In the GUI, go to Networks -> DNS. Click 'Specify' and enter 8.8.8.8 as 'Primary DNS Server' and 8.8.4.4 as 'Secondary DNS Server'.
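
One way to verify the result offline, as an added example that is not part of the benchmark or of Fortinet's tooling: the script reads the 'config system dns' block from a configuration export and reports a primary or secondary server that is missing or not on an approved list. The sample export and the TRUSTED_RESOLVERS allowlist are constructed assumptions; replace the allowlist with your organisation's trusted resolvers.

```python
import ipaddress
import re

# Constructed sample: excerpt of a FortiOS configuration export.
SAMPLE_CONFIG = """\
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
end
"""

# Assumption: the site's approved resolvers (here, the addresses from the Solution).
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}


def parse_dns_block(config_text):
    """Return the primary/secondary values found in the 'config system dns' block."""
    settings, in_block = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system dns":
            in_block = True
        elif in_block and line == "end":
            break  # end of the DNS block; later blocks are irrelevant
        elif in_block:
            m = re.fullmatch(r'set (primary|secondary) "?([^\s"]+)"?', line)
            if m:
                settings[m.group(1)] = m.group(2)
    return settings


def audit_dns(config_text, trusted=frozenset(TRUSTED_RESOLVERS)):
    """Return a list of findings; an empty list means the check passes."""
    settings, findings = parse_dns_block(config_text), []
    for key in ("primary", "secondary"):
        value = settings.get(key)
        if value is None:
            findings.append(f"{key}: not set in this export")
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            findings.append(f"{key}: {value!r} is not an IP address")
            continue
        if str(addr) not in trusted:
            findings.append(f"{key}: {addr} is not an approved resolver")
    return findings
```

Calling audit_dns() on the text of an export returns an empty list when both servers are on the allowlist.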

Default Value:

Default primary DNS server is 208.91.112.53. Default secondary DNS server is 208.91.112.52.

See Also

https://workbench.cisecurity.org/benchmarks/12961