I'm having the same issue on my Fortigate 100E FortiOS 5.4.4. I tried deleting the session helper, without luck (but it didn't seem to hurt anything either). I also verified my DNS Source IP is 0.0.0.0 already too.
@MikePruett, you stated you created some new security sensors. Are you saying you created new security profiles (AV, Web Filter, App Control, etc.) across the board, or just for the ones that tied to a policy for DNS traffic?
lmccuistian - what are you using for system DNS? If you have private DNS servers set there, try switching them to FortiGuard or public DNS to see if it helps. We typically have that set up, and then use internal DNS for any DHCP scopes running on the FortiGate.
I tried that, but no luck there either. Still logging Deny: DNS Errors and also Deny: IP Connection Errors.
On my other Fortigate devices I typically have the primary DNS set to an internal DNS and secondary set to external. The primary reason for this is so that in my logs, it will resolve internal hostnames.
I was using the default security profiles that ship with the unit, just had modified them a bit to meet my need. But I just tried as you suggested and created brand new profiles for AV, Webfilter, App Control, Proxy, and Certificate Inspection, and applied the new ones to every policy that is using them, but it made no change for me. I'm getting nothing but Deny: IP connection errors in my log.
FWIW, I just installed a Fortigate 200D with FortiOS 5.4.4. About 30% of the DNS requests were getting the DNS Error message. Deleting the DNS session-helper seems to have eliminated all the DNS error messages. Throughput greatly improved.
Sorry, I didn't update this thread sooner. I think I found the solution to my problem. It seems the log severity was set much higher than it should have been. I set the log severity to informational by using the commands below and now I have a usable log.
config log mem filter
    set severity information
end