To simplify configuration for a virtual system, a DNS
server profile allows you to specify the virtual system that is being configured, an inheritance source or the primary and secondary IP addresses of DNS servers, and a source interface and source address (service route) that will be used in packets sent to the DNS server. The source interface determines the virtual router, which has a route table. The destination IP address is looked up in the route table of the virtual router where the source interface is assigned. It’s possible that the result of the destination IP egress interface differs from the source interface. The packet would egress out the destination IP egress interface determined by the route table lookup, but the source IP address would be the address configured. The source address is used as the destination address in the reply from the DNS server.
The virtual system report and virtual system server profile send their queries to the DNS server specified for the virtual system, if there is one. (The DNS server used is defined in
Device > Virtual Systems > General > DNS Proxy.) If there is no DNS server specified for the virtual system, the DNS server specified for the firewall is queried.
Configure a DNS Server Profile
for a virtual system only; it’s not for a global Shared location.