Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mattchow_FTNT
Staff
Staff

Created on ‎07-31-2022 09:46 PM

Article Id 219170

Technical Tip: High latency on FortiGuard DNS servers

Description The article describes how to solve the high latency when FortiGuard DNS server is used.
Scope

FortiGate.
Solution

Starting from firmware version 7.0 onwards, the 'Use FortiGuard Servers' DNS will be using the DNS over TLS by default, but some of the site will be having high latency even unreachable to FortiGuard DNS.

 

And the DNS Protocols will be greyed out on GUI as shown below:

 

mattchow_FTNT_2-1659324441900.png

 

To change the different method to reach FortiGuard DNS, for example, change default TLS(TCP/853) to DNS (UDP/53), it is possible to change using CLI command below:

 

# config system dns
    set protocol cleartext  <----- Default is dot(DNS over TLS).

end

mattchow_FTNT_3-1659324892208.png
13707
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.