FortiGate
Sindre-FTNT
Staff
Article Id 194208

Description

This article describes how to enable DNS over TLS on FortiGate to work with Google DNS servers for added security.

Scope

FortiGate.

Solution

DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol.
The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.

Below is a typical topology.

FortiGate (client/server) <-------- DNS over TLS (TCP/853) --------> DNS server/client

To configure DNS over TLS using the GUI:

  1. Go to Network -> DNS.
  2. Under DNS Protocols, enable TLS (TCP/853).

Note that when using DNS over TLS with Google DNS servers, the server hostname must be changed accordingly, as described in this article: Troubleshooting Tip: Google DNS with DNS over TLS ... - Fortinet Community

To configure DNS over TLS using the CLI:

config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
    set protocol dot
    set server-hostname "dns.google"
end
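As an added example (not from the article and not FortiGate's or Google's code), the following Python client performs the same exchange the configuration above makes the FortiGate perform: it opens TLS to 8.8.8.8 on TCP/853, lets the default SSL context verify the server certificate against the hostname "dns.google" (the role of the server-hostname setting), and sends a length-prefixed DNS query. The function names (build_query, frame, parse_a_records, dot_resolve) and the minimal parser are my own.

```python
import secrets, socket, ssl, struct

def build_query(name: str, qtype: int = 1) -> tuple[int, bytes]:
    """RFC 1035 query for name/qtype (1 = A); returns (query id, wire message)."""
    qid = secrets.randbits(16)
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # flags RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return qid, header + qname + struct.pack(">HH", qtype, 1)

def frame(msg: bytes) -> bytes:
    return struct.pack(">H", len(msg)) + msg  # RFC 7858: 2-byte length prefix, as over TCP

def _skip_name(msg: bytes, off: int) -> int:
    while True:  # walk the labels until the root label or a compression pointer
        length = msg[off]
        if length & 0xC0 == 0xC0:  # pointer: two bytes, and it ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def parse_a_records(msg: bytes, expect_id: int) -> list[str]:
    """Return the IPv4 answers in a response after checking the id and RCODE."""
    qid, flags, qd, an, _ns, _ar = struct.unpack_from(">HHHHHH", msg, 0)
    if qid != expect_id or qd != 1:
        raise ValueError("response does not match the single query that was sent")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = _skip_name(msg, 12) + 4  # skip the echoed question (name + type + class)
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from(">HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

def dot_resolve(name: str, server: str = "8.8.8.8", hostname: str = "dns.google") -> list[str]:
    # One A query over TLS on TCP/853; the default context verifies the chain and
    # checks hostname against the certificate SAN, like FortiGate's server-hostname.
    ctx = ssl.create_default_context()
    qid, query = build_query(name)
    with socket.create_connection((server, 853), timeout=5) as raw, \
            ctx.wrap_socket(raw, server_hostname=hostname) as tls, \
            tls.makefile("rb") as reader:  # file API reads exactly n bytes
        tls.sendall(frame(query))
        (length,) = struct.unpack(">H", reader.read(2))
        return parse_a_records(reader.read(length), qid)
```

Running dot_resolve("dns.google") against 8.8.8.8 requires network access; passing a hostname that does not match the certificate (or a resolver that serves a certificate for a different name) makes wrap_socket raise ssl.SSLCertVerificationError before any query is sent, which is the failure the Troubleshooting Tip above is about.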