9.2 DNS Cache Configuration
9.2.1 Configuration Guidelines
Table 9-1 General Settings of DNS Cache
Operation | Command |
Define related SLB component | slb real dns <real_name> <ip> <port> [max_conn] [dns|icmp|script-tcp|script-udp|sip-tcp|sip-udp|dns] [hc_up] [hc_down] [timeout] |
 | slb virtual dns <virtual_name> <vip> [vport] [arp|noarp] [max_conn] |
 | slb policy static <virtual_name> <real_name> |
Enable DNS cache | dns cache {on|off} |
Configure the DNS cache expiration time | dns cache expire <min_seconds> <max_seconds> |
Establish hosts for the DNS cache | dns cache host <host_name> <ip> |
9.2.2 Configuration Example via CLI
- Step 1 Configure necessary SLB component
Since DNS cache is interdependent with SLB configuration strategies, please refer to the chapter Server Load Balancing (SLB). Below is a configuration example for DNS cache deployment. First, the SLB component needs to be established.
FortiBalancer(config)#slb real dns "RS_DNS_1" 10.1.1.10 53 1000 icmp 1 1 20
FortiBalancer(config)#slb virtual dns "VS_DNS_1" 10.1.61.100 53
FortiBalancer(config)#slb policy static "VS_DNS_1" "RS_DNS_1"
The commands above set up an SLB configuration where the real service is named and bound to a real IP address/port pair. This real service is then, in turn, bound to the configured virtual service via the static policy. These commands are covered in depth in the CLI Reference.
- Step 2 Enable DNS cache
To enable DNS cache, the “dns cache {on|off}” command should be used. The DNS cache is disabled by default.
FortiBalancer(config)#dns cache on
- Step 3 Configure the DNS cache expiration time
FortiBalancer(config)#dns cache expire 1 36000
- Step 4 Establish hosts for the DNS cache
FortiBalancer(config)#dns cache host "sting" 10.1.61.200
FortiBalancer(config)#dns cache host "gunrose" 10.1.61.100
FortiBalancer(config)#dns cache host "roxxette" 10.1.61.2
FortiBalancer(config)#dns cache host "queens" 10.1.61.47
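A configuration audit for the commands in Steps 1 to 4, added here as an example and not taken from the handbook or any Fortinet tooling: it parses a pasted command listing and reports policies that reference undefined services, malformed or conflicting static host entries, and cache settings that never take effect because the cache was left off. The function name `audit` is hypothetical, and the rule that `min_seconds` must not exceed `max_seconds` is an assumption based on the parameter names.

```python
import ipaddress
import shlex

# Constructed sample: the commands from Steps 1 to 4 above, prompt stripped.
SAMPLE = '''\
slb real dns "RS_DNS_1" 10.1.1.10 53 1000 icmp 1 1 20
slb virtual dns "VS_DNS_1" 10.1.61.100 53
slb policy static "VS_DNS_1" "RS_DNS_1"
dns cache on
dns cache expire 1 36000
dns cache host "sting" 10.1.61.200
dns cache host "gunrose" 10.1.61.100
dns cache host "roxxette" 10.1.61.2
dns cache host "queens" 10.1.61.47
'''

def audit(config):
    """Return a list of findings for a pasted DNS cache configuration."""
    reals, virtuals, policies, hosts = {}, {}, [], {}
    cache_on, expire, findings = False, None, []
    for n, raw in enumerate(config.splitlines(), 1):
        try:
            # Drop a leading CLI prompt and normalise curly quotes from copy/paste.
            line = raw.rpartition("#")[2].replace("\u201c", '"').replace("\u201d", '"')
            tok = shlex.split(line)
            if tok[:3] == ["slb", "real", "dns"]:
                reals[tok[3]] = ipaddress.ip_address(tok[4])
            elif tok[:3] == ["slb", "virtual", "dns"]:
                virtuals[tok[3]] = ipaddress.ip_address(tok[4])
            elif tok[:3] == ["slb", "policy", "static"]:
                policies.append((n, tok[3], tok[4]))
            elif tok[:3] == ["dns", "cache", "expire"]:
                expire = (int(tok[3]), int(tok[4]))
            elif tok[:3] == ["dns", "cache", "host"]:
                ip = ipaddress.ip_address(tok[4])
                if hosts.setdefault(tok[3].lower(), ip) != ip:  # DNS names ignore case
                    findings.append(f"line {n}: host {tok[3]} redefined with a different IP")
            elif tok[:2] == ["dns", "cache"] and len(tok) == 3:
                cache_on = tok[2] == "on"
        except (IndexError, ValueError) as exc:
            findings.append(f"line {n}: malformed command ({exc})")
    for n, vs, rs in policies:
        if vs not in virtuals or rs not in reals:
            findings.append(f"line {n}: policy references an undefined service")
    if (hosts or expire) and not cache_on:
        findings.append("dns cache settings present but cache is off (the default)")
    if expire and expire[0] > expire[1]:  # assumed constraint, see lead-in
        findings.append("dns cache expire: min_seconds exceeds max_seconds")
    return findings
```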