Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

DNS Fortiguard in Fortigate

hi Friends, a question
Why is it not recommended to use fortiguard DNS? I have checked the FG and I have realized that it has those DNS and not from my ISP.

 

Screenshot_10.jpg

 

According to your experience, is it advisable to put the ones from google?

 

Screenshot_9.jpg

 

5 REPLIES 5
srajeswaran
Staff
Staff

Hi @unknown1020 , There are no specific disadvantages/advantages in using Fortiguard DNS servers. You can use the DNS server which has better reachability/availability.

https://www.reddit.com/r/fortinet/comments/12tf5g5/drawback_of_not_using_fortiguard_dns_besides/

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

unknown1020

but if you use the dns of fortiguard it would not be advantageous since if the fortiguard servers go down, you would have problems browsing the internet. It seems to me that two months ago there was a problem so the dns of fortiguard fell.

srajeswaran

It could be due to connectivity/server issues. We can use other DNS servers if there are issues with the default fortiguard DNS servers.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Yurisk
Valued Contributor

While it is not strictly speaking "advised against" using FortiGuard DNS servers for regular DNS queries, there are simply no benefits to using them. The common sense, on the other hand, will tell us that the disadvantages would be:

 

  •  Unfortunately,  Fortinet's infrastructure is a bit smaller, yet, than Google (8.8.8.8) or CloudFlare (1.1.1.1), which means less DNS servers, less geographical spread of those servers, less capacity. All of this may result in high latency of the answers, and lost queries.
  • Even the local ISP where the FGT is installed will be much faster to answer DNS (4-5 msec) than FTNT DNS located some 40-50 msecs away. 
  • The only benefit/obligation to use FortiGuard DNS servers was for DNS Filtering to work, but it was lifted as well some 5-6 years ago, so even for that there is no benefit to using Fortiguard DNS.
  • (almost forgot) Yes, you may use them if using DDNS for the FGT WAN IP resolving. 
Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
sw2090
Honored Contributor

we experienced a much better performance with using local dns instead of the Fortinet ones.

We haven't yet found any problems or disadvantages with that on our FGT.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Labels
Top Kudoed Authors