jlim11
Staff
Article Id 324865
Description

This article describes how FortiGate probes an SD-WAN member when DNS is configured as the probe protocol of a Performance SLA health check: it sends DNS A-record queries to the configured DNS server and evaluates the response.

Scope

FortiGate.
Solution

Use FortiGate's system DNS servers ('set system-dns enable') or specify a target DNS server explicitly with 'set server'.


Optionally, configure 'dns-request-domain' and 'dns-match-ip' (available only in the CLI).

dns-request-domain: the domain queried by the probe. If not set, FortiGate queries example.com by default.

dns-match-ip: 0.0.0.0 by default. With the default value, as long as FortiGate can query the DNS server for the 'dns-request-domain' and receives a DNS response, the Performance SLA succeeds and the interface member state shows as alive.

Example:

config system sdwan
    set status enable
    config health-check
        edit "dns_sla"
            set server "8.8.8.8"
            set protocol dns
            set dns-request-domain "update.fortiguard.net"
            set dns-match-ip 12.34.97.16
            set members 1 2
        next
    end
end

Packet capture of the DNS probe sent from the FortiGate (10.47.1.37) to the target server (8.8.8.8):

The DNS response from the target server includes 12.34.97.16 in the list of resolved IP addresses. Because this is the address configured as 'dns-match-ip', the Performance SLA passes and the member shows as alive.

If the address configured as 'dns-match-ip' is not among the resolved IP addresses in the DNS response, the Performance SLA fails and the interface member state shows as 'dead'.
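The following is an added example, not code from the article or from FortiOS, that mirrors the matching rule described above: it extracts the A records from a raw DNS response and marks the member alive or dead the way 'dns-match-ip' does (0.0.0.0 accepts any response). The response bytes are constructed inline; the second address 192.0.2.10, the function names and the fixture builder are assumptions for illustration.

```python
import struct
import ipaddress

def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a DNS name (labels or a compression pointer); return the new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # 2-byte compression pointer terminates the name
            return off + 2
        off += 1 + length

def parse_a_records(msg: bytes) -> list:
    """Return the IPv4 addresses carried in the answer section of a raw DNS response."""
    flags, qdcount, ancount = struct.unpack_from("!HHH", msg, 2)
    if not flags & 0x8000:                 # QR bit clear: this is a query, not a response
        raise ValueError("not a DNS response")
    off = 12                               # fixed 12-byte header
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4     # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, IN class
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs

def sla_member_state(response, dns_match_ip: str = "0.0.0.0") -> str:
    """dns-match-ip rule: no response -> dead; 0.0.0.0 -> any response is alive;
    otherwise the configured address must appear among the resolved A records."""
    if response is None:                   # probe timed out
        return "dead"
    addrs = parse_a_records(response)
    if dns_match_ip == "0.0.0.0" or dns_match_ip in addrs:
        return "alive"
    return "dead"

def build_response(domain: str, addrs: list) -> bytes:
    """Constructed fixture: minimal NOERROR response, one A record per address, owner
    name given as a compression pointer (0xC00C) to the question, as resolvers do."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in domain.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    question = qname + struct.pack("!HH", 1, 1)
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                       + ipaddress.IPv4Address(a).packed for a in addrs)
    return header + question + answers

# Constructed response as 8.8.8.8 might return for update.fortiguard.net in the article
RESPONSE = build_response("update.fortiguard.net", ["12.34.97.16", "192.0.2.10"])
```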


Related documents:
Performance SLA overview
Default_DNS performance SLA profile