FortiMail
Jonathan_Body_FTNT
Article Id 191735

Description

FortiMail provides an option to turn on and off locally generated DNS queries for private IP addresses.


Scope

FortiMail v4.0 and above.


Solution

Private IP addresses are defined by RFC 1918 and include the following ranges:

192.168.0.0/16
172.16.0.0/12
10.0.0.0/8

These queries are configured with the following CLI command:

config sys dns
set private-ip-query disable
end

If a FortiMail unit is configured to point to a public DNS server, it is recommended to disable private-ip-query to limit the amount of traffic that can potentially hit DNS root name servers.

Any address that does not fall into the IP ranges defined by RFC 1918 will be subject to a DNS lookup by the FortiMail unit.
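The following Python sketch is an added example, not FortiMail code. It models the rule described above to show which addresses still generate a DNS query when private-ip-query is disabled, including boundary cases just outside the RFC 1918 ranges. It assumes the lookups are reverse (PTR) lookups; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges exactly as listed in this article.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]


def is_rfc1918(ip):
    """True only for IPv4 addresses inside one of the three listed ranges."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


def ptr_name(ip):
    """Reverse-map name for an address (assumption: lookups are PTR queries)."""
    return ipaddress.ip_address(ip).reverse_pointer


def queries_sent(ips, private_ip_query):
    """Reverse-map names that would reach the configured DNS server.

    private_ip_query mirrors the CLI setting: False means 'disable'.
    """
    sent = []
    for ip in ips:
        if is_rfc1918(ip) and not private_ip_query:
            continue  # suppressed locally, never leaves the unit
        sent.append(ptr_name(ip))
    return sent


def suppressed(ips):
    """Names that stop leaking to a public resolver once the option is disabled."""
    still_sent = set(queries_sent(ips, private_ip_query=False))
    return [n for n in queries_sent(ips, private_ip_query=True)
            if n not in still_sent]


# Constructed sample: private addresses plus near-miss public ones.
SAMPLE_IPS = ["10.1.2.3", "172.16.0.9", "172.31.255.254", "172.32.0.1",
              "192.168.50.7", "192.169.0.1", "203.0.113.25"]

if __name__ == "__main__":
    print("still queried:", queries_sent(SAMPLE_IPS, private_ip_query=False))
    print("suppressed:   ", suppressed(SAMPLE_IPS))
```

Note that 172.32.0.1 and 192.169.0.1 sit just outside the private ranges, so they are still looked up with the option disabled.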

 

 
