Fortigate DNS Settings
Hello
We are running into issues with FQDNs we enter in the address section of the Fortigate resolving to different IPs than our client computers.
I did some research and found the articles that talk about matching the client and firewall DNS servers.
Currently our Fortigate is configured with Fortiguard DNS servers. I suppose I could change those to manually point to our internal DNS servers, but am I losing out on some security? We use QUAD9 internally as a DNS forwarder for our internal domain hosted DNS. I could also change the Fortigate to QUAD9 as well and I think that might accomplish the same thing.
Any thoughts?
Hello @Envious3821
If internal FQDN resolution is critical for your FortiGate, consider pointing the FortiGate to your internal DNS servers and ensuring your internal DNS forwards to QUAD9.
Articles to refer to:
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/960561/fortigate-dns-server
https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/960561/fortigate-dns-server
This approach ensures you maintain internal domain resolution. In terms of security, it largely depends on how you are securing your network and DNS traffic. FortiGate offers DNS over TLS (DoT) on port 853, providing encrypted DNS queries. However, if you decide to use your internal DNS server or any other external server, you can use the following article:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-Cloudflare-DNS-with-DNS-over-T...
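The configuration the reply describes, written out as an added example that is not part of the original thread or of Fortinet's documentation. The internal resolver addresses and the corp.example.com domain are placeholders; the FortiGuard addresses and the Quad9 addresses and DoT hostname are assumed to be their published values.

```fortios
# Before (the situation in the question): the FortiGate asks FortiGuard DNS
# while clients ask the internal resolver. Any name with an internal
# (split-horizon) record resolves differently on each side, so FQDN address
# objects on the firewall do not match the addresses the clients connect to.
config system dns
    set primary 96.45.45.45        # FortiGuard DNS (assumed default values)
    set secondary 96.45.46.46
end

# After: point the FortiGate at the same internal resolvers the clients use
# (placeholder addresses). Those servers forward everything else to Quad9,
# so external names still get the same filtered answers the clients get.
config system dns
    set primary 10.0.0.53
    set secondary 10.0.0.54
    set domain "corp.example.com"   # search suffix for unqualified names
    set protocol cleartext          # LAN hop only; encrypt at the forwarder
end

# Alternative mentioned in the reply: send the FortiGate's own queries straight
# to Quad9 over DNS over TLS (TCP 853); server-hostname is what the FortiGate
# checks the server certificate against, so it must match the resolver's name.
# Note this gives the FortiGate the public view only, so internal names still
# resolve differently than on the clients.
config system dns
    set primary 9.9.9.9
    set secondary 149.112.112.112
    set protocol dot
    set server-hostname "dns.quad9.net"
end

# The kind of FQDN address object whose resolution was inconsistent; the
# FortiGate resolves it with the servers configured above, not with whatever
# the clients use (placeholder name).
config firewall address
    edit "app.corp.example.com"
        set type fqdn
        set fqdn "app.corp.example.com"
    next
end
```

Only one of the `config system dns` blocks should be applied; they are shown together to contrast the mismatched, corrected, and DoT variants.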
