As far as I know, there are few DNS servers that support TLS, as shown below:

=====
DNS over TLS

Cloudflare
cloudflare-dns.com (1.1.1.1:853)
cloudflare-dns.com (1.0.0.1:853)
cloudflare-dns.com ([2606:4700:4700::1111]:853)
cloudflare-dns.com ([2606:4700:4700::1001]:853)

Google
dns.google (8.8.8.8:853)
dns.google (8.8.4.4:853)
dns.google ([2001:4860:4860::8888]:853)
dns.google ([2001:4860:4860::8844]:853)

Quad9
dns.quad9.net (9.9.9.9:853)
dns.quad9.net ([2620:fe::fe]:853)

In order to enable DNS over TLS, I think I need to use those DNS servers.

QUESTIONS:
1. I want to enable "DNS over TLS" and internal DNS as well, to resolve internal server names. I think I can't use "DNS over TLS" if I point to internal DNS. Can I use split DNS like this?
config system dns-database
    edit "company1.com"
        set domain "company1.com"
        set authoritative disable
        set forwarder "10.243.13.1"
    next
end
2. Can I enable that using this command?
config system dns
    set primary 8.8.8.8
    set dns-over-tls enforce
    set ssl-certificate Fortinet_Factory
end
tq
UPDATE1:
1. I think this is the answer: https://www.youtube.com/watch?v=3Ze3jMAdRTo&feature=emb_logo
I need to set up a DNS server on the FortiGate interface facing LAN/DMZ.