Atul_S
Staff & Editor
Article Id 211658
Description

This article describes a situation where the FortiGate GUI always shows high latency for the primary DNS server, irrespective of which DNS server is configured as primary.

However, the CLI shows the correct values.

Scope

This document is limited to a presentation glitch in the GUI. Unprocessed DNS server responses cause a false latency spike.
Solution

Server X and server Y are configured as primary and secondary.

Initially, the FortiGate system DNS queries server X, and server Y is on standby.

If a query timeout is detected, server X is downgraded and its latency value is adjusted.

The same query is then switched from server X to server Y and sent as a retransmission. Server X is put on standby at this point.

Because the mechanism is passive, server X's latency value is stuck at the value recorded at the time of failure (high), and it is not updated again until 30 seconds later.

Once that time has passed, the FortiGate DNS chooses server X again and directs queries to it.

Therefore, one of the two DNS servers shown in the GUI is on standby and is not being actively queried.

The other one is active, and its rt value is constantly being updated.

Presentation-wise, it can therefore look like server X always has bad latency. In reality, server X's rt value might be 20 seconds old.
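To make the sequence above concrete, the following is a constructed Python model of the failover behaviour this article describes; it is an added example, not FortiOS code. The 30 s hold-down comes from the article; the 2000 ms value recorded on a timeout, the server names and the per-query rt values are assumptions. It shows that the rt shown for X is a 20-second-old snapshot while only Y's value is being refreshed.

```python
from dataclasses import dataclass

HOLD_DOWN_S = 30  # a downgraded server stays on standby this long (article: 30 s)

@dataclass
class DnsServer:
    name: str
    rt_ms: float = 0.0           # last measured response time (the value the GUI shows)
    rt_measured_at: float = 0.0  # clock time at which rt_ms was last refreshed
    standby_until: float = 0.0   # no queries go to this server before this time

@dataclass
class DnsProxy:
    primary: DnsServer
    secondary: DnsServer
    timeout_ms: float = 2000.0   # assumed value: rt recorded when a query times out

    def pick(self, now):
        """Queries go to the primary unless it is on standby, else to the secondary."""
        return self.primary if self.primary.standby_until <= now else self.secondary

    def query(self, now, responses):
        """Send one query. `responses` maps server name -> rt in ms, or None for a timeout."""
        server = self.pick(now)
        if responses.get(server.name) is None:
            # Timeout: the rt freezes at the failure value, the server is downgraded,
            # and the same query is retransmitted to the other server.
            server.rt_ms, server.rt_measured_at = self.timeout_ms, now
            server.standby_until = now + HOLD_DOWN_S
            server = self.secondary if server is self.primary else self.primary
            if responses.get(server.name) is None:
                return None
        server.rt_ms, server.rt_measured_at = responses[server.name], now
        return server.name

def gui_view(proxy, now):
    """Per server: the rt the GUI would display and how old that measurement is."""
    return {s.name: (s.rt_ms, now - s.rt_measured_at) for s in (proxy.primary, proxy.secondary)}

def scenario():
    """X answers, then times out once; Y takes over while X sits on standby."""
    proxy = DnsProxy(DnsServer("X"), DnsServer("Y"))
    proxy.query(0, {"X": 12.0, "Y": 15.0})   # X answers normally
    proxy.query(5, {"X": None, "Y": 15.0})   # X times out; Y answers the retransmission
    for t in range(6, 26):                   # Y keeps answering; X's rt is never refreshed
        proxy.query(t, {"X": 12.0, "Y": 14.0})
    view_at_25 = gui_view(proxy, 25)         # X shows the timeout rt, 20 s old
    return view_at_25, proxy.query(35, {"X": 12.0, "Y": 14.0})  # hold-down over: X again
```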

This issue is resolved in FortiOS 6.4.9 and 7.0.4.


Related article:

Technical Tip: Clarifying differences between 'diagnose test application dnsproxy 2' information in ...