I have a pihole server on my network that is responsible for all DNS and DHCP. The pihole is configured to use cloudflared DoH for added security.
I have added a lan-wan policy on my fortigate 30E that blocks all DNS udp/53 requests to the internet. This is working well but I have a number of devices on my network (chromecasts, amazon plugs, jvc tvs) that simply do not honor the DHCP issued dns servers and seem to be hard coded to use 18.104.22.168 and 22.214.171.124.
Prior to getting the fortigate I used to have a ubiquiti edgerouter x. On this device I had what they called a DNAT policy which used to capture all dns queries heading for the wan interface and redirect them to my internal pihole server. the pihole would then resolve them via DoH and respond via the router to the devices.
I am really stuck trying to replicate this on the Fortigate. I have tried a number of things like the VIP objects and policies but I cannot get this to replicate what I had before.