Sindre-FTNT
Staff
October 28, 2019

Technical Tip: Enable DNS over TLS with Google DNS servers


Description

This article describes how to enable DNS over TLS on FortiGate to work with Google DNS servers for added security.

Scope

FortiGate.

Solution

DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol.
The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.


Below is a typical topology.

FortiGate (client/server) <------ DNS over TLS ------> DNS server/client

To configure DNS over TLS using the GUI:

  1. Go to Network -> DNS.
  2. Under DNS Protocols, enable TLS (TCP/853).

Note that when using DNS over TLS with Google DNS servers, the server hostname must be changed accordingly, as described in this article: Troubleshooting Tip: Google DNS with DNS over TLS ... - Fortinet Community

[Image: dns.png]

To configure DNS over TLS using the CLI:
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
    set protocol dot
    set server-hostname "dns.google"
end
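As an added illustration, not part of the original article and not Fortinet code, the following Python script performs the same exchange the FortiGate performs once `set protocol dot` is configured: it builds a wire-format DNS query, frames it with the 2-byte length prefix that DNS over TLS inherits from DNS over TCP (RFC 7858), sends it over TLS on port 853 and parses the A records out of the answer. It uses only the Python standard library; the resolver address 8.8.8.8 and the hostname dns.google are the values from the CLI example above, and `build_sample_response` produces a constructed answer so the parsing can be exercised offline.

```python
"""Minimal DNS-over-TLS (RFC 7858) client, written as an example for this article.
The TLS context verifies the resolver's certificate against server_hostname,
which is the role `set server-hostname` plays in the FortiGate configuration."""
import socket
import ssl
import struct

DOT_PORT = 853  # DNS over TLS listens on TCP/853 (RFC 7858)


def build_query(name, qid=0x1234, qtype=1):
    """Return a DNS query message (A record by default) with the RD flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # id, flags=RD, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def frame(message):
    """DoT reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(message)) + message


def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name starting at msg[off]."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_answers(msg, expected_id):
    """Return the IPv4 addresses in the answer section; rejects a wrong
    transaction id or a non-zero RCODE."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != expected_id:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):  # skip the echoed question(s): name + QTYPE + QCLASS
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def _recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def resolve_over_tls(name, server_ip="8.8.8.8", server_hostname="dns.google", qid=0x1234):
    """Resolve `name` via DoT. server_hostname is sent as SNI and checked against the
    certificate; a mismatch raises ssl.SSLCertVerificationError, which is the failure
    a wrong server-hostname setting produces."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    query = build_query(name, qid)
    with socket.create_connection((server_ip, DOT_PORT), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_hostname) as tls:
            tls.sendall(frame(query))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_a_answers(_recv_exact(tls, length), qid)


def build_sample_response(query, ip, ttl=300):
    """Constructed response for offline testing: echoes the question and answers
    with one A record whose name is a compression pointer to offset 12."""
    (qid,) = struct.unpack("!H", query[:2])
    question = query[12:_skip_name(query, 12) + 4]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set; RCODE 0
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer


if __name__ == "__main__":
    # Offline round trip on constructed data; resolve_over_tls("example.com") does the live query.
    q = build_query("example.com")
    print(parse_a_answers(build_sample_response(q, "192.0.2.1"), 0x1234))
```

The `server_hostname` argument is the point to watch: the resolver's certificate is checked against it, so a value that does not match the name on the certificate makes the handshake fail before any DNS data is exchanged. That is why the article says the server hostname must be changed when switching to Google's resolvers, and it is also the check that stops an on-path device from answering in the resolver's place.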