This article describes the behavior of the SDNS server IP setting when anycast is disabled/enabled under FortiGuard settings.
FortiGate, DNS Filter.
SDNS servers are used to send DNS rating queries when using the DNS Filter Security Profile in the firewall policies.
Since FortiOS v6.4.3, FortiGate uses the anycast method by default to reach the FortiGuard servers, and the factory value of the SDNS server IP is 208.91.112.220.
Hence, when the FortiGuard anycast method is first disabled, the SDNS server IP is automatically set to 208.91.112.220.
However, if the SDNS server IP is changed to a custom value and anycast is then enabled/disabled again, the custom value shows up again.
For example, if the SDNS server is set to 8.8.8.8, the custom value 8.8.8.8 is shown after enabling/disabling anycast again.
If the SDNS server IP was previously unset, enabling/disabling anycast again results in no SDNS server being set under FortiGuard settings.
Note: This could result in a DNS filter rating issue when switching from FortiGuard anycast enabled to anycast disabled if the SDNS server was previously unset or misconfigured.
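An added example, not Fortinet's code: a Python check over a saved configuration that flags the condition described in the note above. It assumes the `config system fortiguard` block carries the `fortiguard-anycast` and `sdns-server-ip` options and that an absent line means the default; the sample configurations are constructed.

```python
import re

FACTORY_SDNS = "208.91.112.220"  # factory value given in the article

def parse_fortiguard(config_text):
    """Collect the 'set' options inside the 'config system fortiguard' block."""
    opts, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system fortiguard":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("set "):
            parts = line.split(None, 2)
            value = parts[2] if len(parts) > 2 else ""
            # Values may be quoted and space-separated; keep the bare tokens.
            opts[parts[1]] = re.findall(r"[^\s\"']+", value)
    return opts

def audit_sdns(config_text):
    """Classify the SDNS state the article's note warns about."""
    opts = parse_fortiguard(config_text)
    # Assumption: an absent line means the default (anycast enabled since v6.4.3).
    anycast = (opts.get("fortiguard-anycast") or ["enable"])[0]
    servers = opts.get("sdns-server-ip", [])
    if anycast == "enable":
        return "ok: anycast enabled"
    if not servers:
        return "fail: anycast disabled and no SDNS server set"
    if servers != [FACTORY_SDNS]:
        return "review: anycast disabled, custom SDNS server " + ", ".join(servers)
    return "ok: anycast disabled, factory SDNS server"

# Constructed sample configurations (not taken from a real device).
UNSET = "config system fortiguard\n    set fortiguard-anycast disable\nend\n"
CUSTOM = ('config system fortiguard\n    set fortiguard-anycast disable\n'
          '    set sdns-server-ip "8.8.8.8"\nend\n')
FACTORY = ('config system fortiguard\n    set fortiguard-anycast disable\n'
           '    set sdns-server-ip "208.91.112.220"\nend\n')

if __name__ == "__main__":
    for name, cfg in (("unset", UNSET), ("custom", CUSTOM), ("factory", FACTORY)):
        print(name, "->", audit_sdns(cfg))
```

A "review" result is not necessarily an error: a custom SDNS server may be intentional, so the check only asks for it to be confirmed.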
Copyright 2024 Fortinet, Inc. All Rights Reserved.