Fortinet 131 FortiWeb 5.0 Patch 6 Administration Guide
To configure DNS settings via the web UI
1. Go to System > Network > DNS.
To change settings in this part of the web UI, your administrator's account access profile
must have Write permission to items in the Network Configuration category. For details, see
“Permissions” on page 47.
2. In Primary DNS Server, type the IP address of the primary DNS server.
3. In Secondary DNS Server, type the IP address of the secondary DNS server.
4. In Local Domain Name, type the name of the local domain to which the FortiWeb appliance
belongs, if any.
This field is optional. It will not appear in the Host: field of HTTP headers for client
connections to your protected web servers.
5. Click Apply.
The appliance will query the DNS servers whenever it needs to resolve a domain name into
an IP address, such as for NTP system time, FortiGuard services, or web servers defined by
their domain names (“domain servers”).
6. To verify your DNS settings, in the CLI, enter the following command:
execute traceroute <server_fqdn>
where <server_fqdn> is a domain name such as www.example.com.
If the DNS query for the domain name succeeds, you should see results that indicate that
the host name resolved into an IP address, and the route from FortiWeb to that IP address:
traceroute to www.example.com (192.0.43.10), 30 hops max, 60 byte packets
1 172.20.130.2 (172.20.130.2) 0.426 ms 0.238 ms 0.374 ms
2 static-209-87-254-221.storm.ca (209.87.254.221) 2.223 ms 2.491 ms 2.552 ms
3 core-g0-0-1105.storm.ca (209.87.239.161) 3.079 ms 3.334 ms 3.357 ms
...
16 43-10.any.icann.org (192.0.43.10) 57.243 ms 57.146 ms 57.001 ms
If the DNS query fails, you will see an error message such as:
traceroute: unknown host www.example.com
CFG_CLI_INTERNAL_ERR
Verify your DNS server IPs and routing, and check that your firewalls or routers do not block
or proxy UDP port 53.
DNS tests may not succeed until you have completed “Adding a gateway” on page 125.
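Added example (not part of the Fortinet guide): a Python check that classifies captured output of the execute traceroute command from step 6 as a failed DNS lookup, a successful lookup whose route reaches the resolved address, or a successful lookup whose route stops short. The function name, status strings and sample text are assumptions constructed for illustration, modelled on the two outputs shown above.

```python
import re

# Constructed sample outputs, modelled on the two cases shown in the guide.
SAMPLE_OK = """\
traceroute to www.example.com (192.0.43.10), 30 hops max, 60 byte packets
1 172.20.130.2 (172.20.130.2) 0.426 ms 0.238 ms 0.374 ms
2 static-209-87-254-221.storm.ca (209.87.254.221) 2.223 ms 2.491 ms 2.552 ms
16 43-10.any.icann.org (192.0.43.10) 57.243 ms 57.146 ms 57.001 ms
"""
SAMPLE_FAIL = """\
traceroute: unknown host www.example.com
CFG_CLI_INTERNAL_ERR
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
HEADER = re.compile(rf"^traceroute to (\S+) \(({IP})\)")
UNKNOWN = re.compile(r"^traceroute: unknown host (\S+)")
HOP = re.compile(rf"^\s*(\d+)\s+\S+ \(({IP})\)")


def check_dns_traceroute(output):
    """Classify captured traceroute output (hypothetical helper, not a Fortinet API).

    status is 'dns_failed', 'resolved_unreachable', 'resolved_reached'
    or 'unrecognized'.
    """
    result = {"status": "unrecognized", "host": None, "ip": None, "hops": []}
    for line in output.splitlines():
        m = UNKNOWN.match(line)
        if m:
            # Name lookup failed: check DNS server IPs, routing, UDP port 53.
            result.update(status="dns_failed", host=m.group(1))
            return result
        m = HEADER.match(line)
        if m:
            # The header line proves the name resolved, whatever the route does.
            result.update(status="resolved_unreachable", host=m.group(1), ip=m.group(2))
            continue
        m = HOP.match(line)
        if m and result["ip"]:
            result["hops"].append((int(m.group(1)), m.group(2)))
    # The route is complete only if the last answering hop is the resolved IP.
    if result["hops"] and result["hops"][-1][1] == result["ip"]:
        result["status"] = "resolved_reached"
    return result


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_FAIL):
        print(check_dns_traceroute(sample))
```

A result of resolved_unreachable means DNS itself is working and the remaining problem is routing or filtering toward the target, not the DNS settings.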