Let's differentiate between two points: the DNS lookup and the traffic. The traffic is handled according to the security policy, and this may include the DNS lookup.
The DNS lookup follows the DNS servers configured on the hosts. If you use a DHCP server, you have the control to distribute a different DNS server to each subnet. For example, on FortiGate:
    config system dhcp server
        edit 1
            set dns-service specify
            set default-gateway 10.1.6.8
            set netmask 255.255.255.0
            set interface "Workstation"
            set start-ip 10.1.6.220
            set end-ip 10.1.6.240
            set dns-server1 10.1.2.23
            set dns-server2 10.1.2.24
        next
    end
In the DHCP server configuration, you have three options for the DNS:

    FortiGate # set dns-service
    local:   IP address of the interface the DHCP server is added to becomes the client's DNS server IP address.
    default: Clients are assigned the FortiGate's configured DNS servers.
    specify: Specify up to 3 DNS servers in the DHCP server configuration.

If you decide that the hosts will use the FortiGate interface, then you should confirm that the default gateway or the route to the DNS on FortiGate goes through the ISP that will allow it.
Likewise, if you decide that the hosts will use the default DNS of FortiGate, then you should confirm that the routing of this traffic from the users is allowed and goes through the ISP that will allow it.
If you specify, then specify for each subnet the suitable DNS.
To conclude, if FortiGate is the DNS, then it is a matter of how FortiGate resolves DNS. If the hosts use a DNS server, then they should use the correct one.
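To check which of the three dns-service options each DHCP scope actually uses, the following added example (not part of the original post and not Fortinet code) reads the `config system dhcp server` section of a configuration backup and lists, per interface, the mode, the DNS servers handed out and what to verify. The sample text, the "Guest" scope and the function name `audit_dhcp_dns` are constructed for illustration; the backup layout with `edit`/`next` entries is assumed.

```python
# Constructed sample shaped like a FortiGate backup; the "Guest" scope is made up.
SAMPLE = """\
config system dhcp server
    edit 1
        set dns-service specify
        set interface "Workstation"
        config ip-range
            edit 1
                set start-ip 10.1.6.220
            next
        end
        set dns-server1 10.1.2.23
    next
    edit 2
        set dns-service local
        set interface "Guest"
    next
end
"""

CHECKS = {
    "local": "FortiGate interface answers: verify how FortiGate itself reaches DNS",
    "default": "clients get FortiGate's DNS servers: verify policy and route from clients",
    "specify": "clients get the listed servers: verify they suit this subnet",
}

def audit_dhcp_dns(text):
    """Return (interface, dns-service mode, servers, what to verify) per DHCP scope."""
    rows, entry, depth = [], None, -1           # depth -1: outside the section
    for line in (raw.strip() for raw in text.splitlines()):
        if depth < 0:
            depth = 0 if line == "config system dhcp server" else -1
        elif line.startswith("config "):
            depth += 1                          # nested table, e.g. ip-range
        elif line == "end":
            depth -= 1                          # reaching -1 closes the section
        elif depth == 0 and line.startswith("edit "):
            entry = {}
        elif depth == 0 and line.startswith("set ") and entry is not None:
            _, key, value = line.split(None, 2)
            entry[key] = value.strip('"')
        elif depth == 0 and line == "next":
            mode = entry.get("dns-service", "unset")   # a backup may omit it
            servers = [entry[k] for k in sorted(entry) if k.startswith("dns-server")]
            rows.append((entry.get("interface"), mode, servers,
                         CHECKS.get(mode, "confirm the mode on the device")))
    return rows

if __name__ == "__main__":
    print(*audit_dhcp_dns(SAMPLE), sep="\n")
```

Scopes reported as `local` or `default` depend on FortiGate's own DNS settings and routing, so those are the ones to compare against the ISP path described above.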