Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mle2802
Staff
Staff

Created on ‎10-14-2025 07:28 AM Edited on ‎11-11-2025 06:46 AM By Moderator

Article Id 414728

Troubleshooting tip: Internal DNS queries are not resolved when FortiGate is used as a DNS server

Description This article describes how to troubleshoot issue with resolving internal DNS queries.
Scope FortiGate.
Solution

Follow the steps in this document to configure FortiGate as a DNS server FortiGate DNS server | FortiGate / FortiOS 7.6.4 | Fortinet Document Library.

To configure a DNS server, go to Network -> DNS Servers. If the option is not visible, go to System -> Feature Visibility and enable DNS Database in the Additional Features section.


Screenshot 2025-10-11 102720.png
From the CLI:

config system dns-server

    edit "port2"

    next

end

Verify that the DNS entry is properly configured on FortiGate to resolve internal DNS queries. To do so, go to Network -> DNS Servers and double-click on the DNS database.

Screenshot 2025-10-11 103539.png


From the CLI:

config system dns-database
    edit "TAC"
        set domain "tac.local"
            config dns-entry
                edit 1

                    set hostname "test"

                    set ip 192.168.100.1

                next

            end

        next

    end


From the client side, DNS is resolved for public DNS queries but not internal ones.

Screenshot 2025-10-11 105352.png
This happens due to the DNS zone being set to 'public' instead of 'shadow'. Refer to this document for more information regarding the different view types in a DNS zone: Technical Tip: DNS Database view type Shadow and Public for explicit proxy.

To verify the view type, go to Network -> DNS Servers and double-click on the DNS database.

Screenshot 2025-10-11 110553.png
Switch the view type to 'shadow' and confirm internal DNS queries are resolvable.

Screenshot 2025-10-11 111014.png
Screenshot 2025-10-11 111226.png

 

Related articles:
Technical Tip: FortiGate Troubleshooting DNS commands

Technical Tip: DNS server on FortiGate caused FortiGate DNS latency

Technical Tip: DNS troubleshooting

Technical Tip: DNS stops working when using custom DNS

Technical Tip: FortiGate DNS Server works as DNS proxy

Technical Tip: DNS server is unreachable when using custom DNS 
Technical Tip: DNS over TLS (DoT) with 3rd Party Global DNS (Google DNS)

Technical Tip: Enable DNS over TLS with Google DNS servers
Technical Tip: Different options of configuring DNS server on FortiGate

Troubleshooting Tip: Using Cloudflare DNS with DNS over TLS showing as unreachable 

Troubleshooting Tip: Google DNS with DNS over TLS showing as unreachable

Troubleshooting Tip: Domain Name ServDNS not responding

Troubleshooting Tip: Quad9 DNS with DNS over TLS showing as unreachable
284
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.