princes
Staff
Article Id 409626
Description This article describes the different methods used for DNS probes in an SD-WAN performance SLA health check.
Scope FortiGate.
Solution

When DNS is selected as the protocol for the performance SLA, the probe behaves differently from the Ping protocol. Consider the Performance SLA below, which uses the DNS method:

(Screenshot: Lab_DNS_Default.png)

With the above settings, the firewall sends the probes to the DNS servers configured under Network -> DNS. In this case, these are the FortiGuard servers (96.45.45.45 and 96.45.46.46):

(Screenshot: DNS_System.png)

The DNS domain probed with the default settings is example.com:

config system sdwan

(sdwan) # config health-check

    edit "FQDN"
        set probe-packets enable
        set addr-mode ipv4
        set system-dns enable
        set detect-mode active
        set ha-priority 1
        set dns-request-domain "www.example.com"  <----- Default domain to probe.

Verify the behavior when a specific DNS server is configured for the probe instead of the system DNS. In this case, 4.2.2.2 is specified:

(Screenshot: Specify_dns.png)

Now the DNS server used to probe example.com is 4.2.2.2:

(Screenshot: Screenshot 2025-09-04 173719.png)

The default server-selection method used when probing the system DNS servers is least-rtt:

(dns) # set server-select-method
least-rtt Select servers based on least round trip time.
failover Select servers based on the order they are configured.

By default, probes are sent continuously to all of the configured DNS servers.

If the server-select-method is changed to failover in the DNS settings, the behavior changes:

(dns) # set server-select-method failover

(dns) # end

After selecting the Failover method, the probes will be sent to the primary DNS server only:

(Screenshot: Screenshot 2025-09-04 180704.png)

(Screenshot: Screenshot 2025-09-04 180749.png)

The probes only shift to the secondary DNS server (4.4.2.2) if the primary goes down:

(Screenshot: Screenshot 2025-09-04 181325.png)

Also, it is possible to change the domain being probed, as mentioned in the article below:

Technical Tip: DNS as probe protocol on SD-WAN Performance SLA health check
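As an added example (not configuration from the original article), the following FortiOS CLI fragment combines the two variants described above: one health check that probes a specific DNS server instead of the system DNS, and one that uses the system DNS with the failover selection method so that only the primary server is probed while it is up. The health-check names, the member indexes and the timer values are assumed; the server addresses are the ones used in this article.

```text
# Variant 1: health check that queries a specific DNS server (4.2.2.2)
# rather than the servers under Network -> DNS.
config system sdwan
    config health-check
        edit "FQDN-specific"
            set detect-mode active
            set protocol dns
            set system-dns disable
            set server "4.2.2.2"
            set dns-request-domain "www.example.com"
            set interval 500
            set failtime 5
            set recoverytime 5
            set members 1 2
        next
    end
end

# Variant 2: system DNS with failover selection. Only the primary
# (96.45.45.45) is probed; the secondary is probed only if the primary fails.
config system dns
    set primary 96.45.45.45
    set secondary 96.45.46.46
    set server-select-method failover
end
config system sdwan
    config health-check
        edit "FQDN-system"
            set detect-mode active
            set protocol dns
            set system-dns enable
            set dns-request-domain "www.example.com"
            set members 1 2
        next
    end
end

# Verification: check the health-check state, then confirm on the wire
# which DNS server actually receives the probe queries.
diagnose sys sdwan health-check FQDN-system
diagnose sniffer packet any "udp port 53 and (host 96.45.45.45 or host 96.45.46.46)" 4 10
```

With failover selected, the sniffer output should show queries to 96.45.45.45 only; queries to 96.45.46.46 appear only after the primary stops answering.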