This article explains how to configure FQDN addresses to resolve using a DNS database instead of the system DNS.
Scope
FortiGate.
Solution
In certain network environments, it is necessary to resolve specific FQDN entries to a local server’s IP address. This can be done by configuring the DNS database on FortiGate rather than relying on the system’s default DNS.
For example, to make the domain address ‘mail.fortilab.com’ resolve to the IP address ‘1.1.1.1’, add it to the DNS database and configure it as an FQDN address.
From GUI: Go to Network > DNS Servers.
From CLI:
config system dns-database
    edit "fortilab"
        set domain "fortilab.com"
        config dns-entry
            edit 1
                set hostname "mail"
                set ip 1.1.1.1
            next
        end
    next
end

config firewall address
    edit "mail"
        set uuid 31ba31c6-3550-51ef-0493-b2fa39fb5131
        set type fqdn
        set fqdn "mail.fortilab.com"
    next
end

To verify that the FQDN address resolves to the configured IP:

# di firewall fqdn list-ip | grep mail.fortilab.com -A5
fqdn_u 0xebb59b0 mail.fortilab.com: type:(1) ID(8) count(1) generation(2) data_len:13 flag: 1
ip list: (1 ip in total)
ip: 1.1.1.1
Total ip fqdn range blocks: 1.
Total ip fqdn addresses: 1.
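The following Python script is an added example, not part of the original article or Fortinet code: it parses a saved FortiGate configuration and reports, for each FQDN firewall address, whether the local DNS database holds an entry for it and which IP that entry returns. The "web" address, the function names and the sample text are constructed for illustration.

```python
import shlex
# Constructed sample: this article's configuration plus a hypothetical "web" address.
SAMPLE_CONFIG = '''config system dns-database
    edit "fortilab"
        set domain "fortilab.com"
        config dns-entry
            edit 1
                set hostname "mail"
                set ip 1.1.1.1
            next
        end
    next
end
config firewall address
    edit "mail"
        set type fqdn
        set fqdn "mail.fortilab.com"
    next
    edit "web"
        set type fqdn
        set fqdn "www.example.org"
    next
end'''

def parse_block(lines):
    """Read one config table up to its 'end': {edit name: {setting or nested table}}."""
    table, entry = {}, None
    for tok in lines:
        if tok[0] == "end":
            break
        if tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif tok[0] == "next":
            entry = None
        elif tok[0] == "config":  # nested table: consumed even when outside an edit
            (entry if entry is not None else {})[" ".join(tok[1:])] = parse_block(lines)
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
    return table

def audit_fqdn_addresses(text):
    """Return {address name: (fqdn, IP from the local DNS database or None)}."""
    toks = (t for t in map(shlex.split, text.splitlines()) if t)  # tokenised lines
    tables = {" ".join(t[1:]): parse_block(toks) for t in toks if t[0] == "config"}
    local = {f'{r["hostname"]}.{z.get("domain", "")}'.lower(): r["ip"]
             for z in tables.get("system dns-database", {}).values()
             for r in z.get("dns-entry", {}).values() if "hostname" in r and "ip" in r}
    return {name: (a["fqdn"], local.get(a["fqdn"].lower()))
            for name, a in tables.get("firewall address", {}).items() if "fqdn" in a}
```

An address reported with a local IP depends on the DNS database entry, so any change to that entry changes what policies using the address match; an address reported with `None` has no matching local entry.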