FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hhasny
Staff
Article Id 240785
Description This article describes the use of DNS-server-override when the internet link is dynamic (PPPoE or DHCP).
Scope FortiGate 6.4. FortiGate 7.0. FortiGate 7.2. FortiGate 7.4.
Solution

When the FortiGate internet-facing interface gets its IP address through PPPoE or DHCP, it also acquires DNS server addresses from the ISP. FortiGate will use the DNS servers acquired from the ISP as well as the DNS servers configured in the DNS settings.

To use the configured DNS server, disable 'Override internal DNS' on the interface.

This does not mean that the FortiGate DNS will not be used.
There are cases when the DNS acquired from the ISP is not reachable or when the system DNS has lower latency. In these cases, both the acquired and the system DNS will be used.

One use case for this feature is a multi-VDOM deployment in which a particular VDOM uses its own DNS servers (per-VDOM DNS) instead of the global DNS settings.

From CLI (dns-server-override is enabled by default):

config system interface
    edit "<ISP>"
        set dns-server-override enable
    next
end
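
An added example, not part of the original article or of any Fortinet tooling: a Python check over saved `config system interface` output that lists the DHCP/PPPoE interfaces still accepting DNS servers from the ISP. The sample configuration and function names are constructed, and it assumes the saved output omits settings left at their default, so a missing dns-server-override line is treated as enable.

```python
import re
# Constructed sample in the style of "show system interface" output (not from the article).
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set vdom "root"
        set mode pppoe
        config ipv6
            set ip6-mode dhcp
        end
    next
    edit "wan2"
        set vdom "branch"
        set mode dhcp
        set dns-server-override disable
    next
    edit "lan"
        set ip 192.0.2.1 255.255.255.0
    next
end
"""

def parse_interfaces(config_text):
    """Return {interface name: {setting: value}} from the system interface table."""
    interfaces, stack, current = {}, [], None
    for line in map(str.strip, config_text.splitlines()):
        if line.startswith("config "):
            stack.append(line)              # entering a (possibly nested) block
        elif line == "end" and stack:
            stack.pop()
        elif stack == ["config system interface"]:  # ignore nested blocks like "config ipv6"
            if m := re.fullmatch(r'edit "?([^"]+)"?', line):
                current = interfaces.setdefault(m.group(1), {})
            elif current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
                current[m.group(1)] = m.group(2).strip('"')
    return interfaces

def interfaces_accepting_isp_dns(config_text):
    """List (name, vdom, mode) for DHCP/PPPoE interfaces with dns-server-override enabled."""
    findings = []
    for name, cfg in parse_interfaces(config_text).items():
        # Assumption: a setting absent from the output is at its default (enable, per the article).
        override = cfg.get("dns-server-override", "enable")
        if cfg.get("mode") in ("dhcp", "pppoe") and override == "enable":
            findings.append((name, cfg.get("vdom"), cfg["mode"]))
    return findings

if __name__ == "__main__":
    print(interfaces_accepting_isp_dns(SAMPLE_CONFIG))
```

Each interface it reports is one where the ISP-supplied resolvers are used alongside the configured ones, which is the case to review when a VDOM is meant to use only its own DNS servers.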

 
