I have a FortiGate 201F (firmware 7.0.10) with a LAN with a Windows domain with 2 Windows servers acting as DNS servers. All clients inside my LAN, laptops, desktops and servers all use the 2 Windows DNS servers for DNS.
The DNS settings in my FortiGate 201F are causing me a headache.
1. If I have the Network -> DNS -> DNS Settings set to the FortiGuard servers, benign websites such as cnn.com get blocked and HTTPS sites do not respond.
2. If I have one of my Windows servers set as the primary DNS and a FortiGuard server as the secondary DNS, websites display normally.
3. If I set the DNS Settings to use both of my internal Windows DNS servers, then I get a message about not being able to reach the FortiGuard servers and the safe websites get blocked again and HTTPS sites do not respond.
My workaround is to keep the primary DNS in the FortiGate as one of my Windows DNS servers and the secondary as a FortiGuard server. I would like to get to where I can use the FortiGuard servers only.
Under Network -> DNS Servers -> DNS Service on Interface: I have the LAN in recursive mode. I think this may be my problem as I think I may have the FortiGate as well as the 2 Windows servers trying to serve DNS to the LAN all at once. If I remove the DNS Server on Interface for the LAN, could this help my DNS issue?
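A small resolver-comparison script, added here as an example and not part of the original post: it sends the same A query for cnn.com to each resolver you list (the FortiGate LAN address and the two Windows DNS servers; the 192.0.2.x addresses below are placeholders) and groups the resolvers by the answer they return, so a filtered or sinkholed answer from the FortiGate side shows up as a disagreement with the Windows servers.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    # Header: id, flags (RD only), QDCOUNT=1; then QNAME, QTYPE=A, QCLASS=IN.
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    # Walk labels; a 0xC0 compression pointer is two bytes and ends the name.
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_a_records(msg):
    """Return (rcode, sorted IPv4 answers) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x0F, sorted(addrs)

def resolve_via(server, name, timeout=2.0):
    # One UDP query to one resolver; None means no reply within the timeout.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_a_records(data)

def group_by_answer(results):
    # Map each distinct (rcode, addresses) answer to the resolvers that returned it.
    groups = {}
    for server, res in results.items():
        key = None if res is None else (res[0], tuple(res[1]))
        groups.setdefault(key, []).append(server)
    return groups

# Placeholder resolvers: FortiGate LAN IP first, then the two Windows DNS servers.
RESOLVERS = ["192.0.2.1", "192.0.2.10", "192.0.2.11"]
```

Run `group_by_answer({r: resolve_via(r, "cnn.com") for r in RESOLVERS})` from the LAN; more than one key in the result (or a `None` key for a resolver that never replied) tells you which server is giving the odd answer before you change the DNS Service on Interface setting.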