This article describes how to resolve high latency when the FortiGuard DNS servers are used.
Starting with firmware version 7.0, the 'Use FortiGuard Servers' DNS setting uses DNS over TLS by default, but some sites experience high latency to the FortiGuard DNS servers, or cannot reach them at all.
The DNS Protocols option is also greyed out in the GUI.
To reach FortiGuard DNS with a different method, for example to change from the default TLS (TCP/853) to DNS (UDP/53), use the CLI commands below. Note that with cleartext, DNS queries over UDP/53 are sent unencrypted.
# config system dns
    set protocol cleartext    <----- Default is dot (DNS over TLS).
end