peterk2020
Visitor III
April 29, 2026
Solved

enable "same as interface" DNS and it doesn't work


I’m trying to set up a DNS service on the network interface. I followed the instructions on this link. However, it doesn’t resolve anything on the public domain. It resolves the interface domain name. It looks like FortiGate doesn’t forward the query to the system DNS servers. Anything I need to check? I used the following link to create the DNS service. Technical Note: DNS resolution not working when DNS Server configured to 'Same as Interface IP' | Community
Basically, I want a user to use the FortiGate interface as a DNS server IP and have FortiGate resolve the internal domain relying on the local DNS database, but forward to the system DNS servers to resolve anything outside the domain.

    Best answer by Toshi_Esumi

    @peterk2020 My guess is the new DNS servers you set don’t support the default protocol of the FTGD DNS servers. This is the default DNS setting:

    LAB-FG60F (dns) # show
    config system dns
        set primary 96.45.45.45
        set secondary 96.45.46.46
        set protocol dot
        set server-hostname "globalsdns.fortinet.net"
    end

    LAB-FG60F (dns) # set protocol ?
    cleartext    DNS over UDP/53, DNS over TCP/53.
    dot          DNS over TLS/853.
    doh          DNS over HTTPS/443.

    When we change DNS servers to something else, we regularly use “cleartext” since we don’t know what the other DNS servers would support as protocol and its host name for TLS encryption.

    Toshi
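The whole setup this thread describes, written out as FortiOS CLI; this is an added example, not configuration taken from the thread, and the interface name "lan", the 10.0.0.0/24 addresses, the zone corp.example.com and the Quad9 resolver addresses are assumed values.

```fortios
# 1. Upstream (system) DNS servers. The factory default is FortiGuard over DoT
#    with a pinned server-hostname; pointing that at a resolver that does not
#    speak DoT breaks every non-local lookup, which matches the symptom above.
config system dns
    set primary 9.9.9.9
    set secondary 149.112.112.112
    set protocol cleartext
end

# 2. Internal zone answered from the local DNS database. "shadow" view means
#    it is only served to clients of this FortiGate's own DNS service.
config system dns-database
    edit "corp-internal"
        set domain "corp.example.com"
        set type primary
        set view shadow
        config dns-entry
            edit 1
                set type A
                set hostname "fileserver"
                set ip 10.0.0.20
            next
        end
    next
end

# 3. DNS service on the LAN interface. "recursive" answers from the local
#    database and recurses to the system DNS servers for everything else;
#    "non-recursive" answers only the local database, reproducing the symptom.
config system dns-server
    edit "lan"
        set mode recursive
    next
end

# 4. DHCP hands out the interface address as DNS server
#    ("local" is the CLI name for "Same as Interface IP").
config system dhcp server
    edit 1
        set interface "lan"
        set dns-service local
        set default-gateway 10.0.0.1
        set netmask 255.255.255.0
        config ip-range
            edit 1
                set start-ip 10.0.0.100
                set end-ip 10.0.0.200
            next
        end
    next
end
```

Switching to cleartext gives up the transport encryption the FortiGuard default provided; if the chosen resolver supports DoT, keep `set protocol dot` and set `server-hostname` to the name on its certificate (dns.quad9.net for Quad9) instead.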

    2 replies

    Toshi_Esumi
    SuperUser
    April 29, 2026

    The KB you referred to is to just forward all queries to the system DNS servers. Did you choose “Recursive” for the “DNS Servers” setting? You might have chosen “Non-recursive” instead based on the symptom.

    Toshi

    peterk2020
    Visitor III
    April 29, 2026

    Thanks for your reply Toshi. I tried all three different options.
    First, I set the interface DHCP DNS as “same as interface IP”.
    Second, I added the interface and set it to “recursive”, and I added a DNS database for internal domains.

    With this config, I can resolve internal names, but not the public domain names like google.com. I changed the mode to “forward to system DNS”. Same result.

    funkylicious
    SuperUser
    April 29, 2026

    Recursive should do the trick.

    From the FGT I assume that with the system DNS servers in place you can resolve public domains.

    I don't recall if you also need a firewall policy for internal subnets to the system DNS servers or not.

    "jack of all trades, master of none"
    peterk2020
    Visitor III
    April 30, 2026

    That was it. I should have checked the options. I really appreciate your help.