Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Envious3821
New Contributor

Fortigate DNS Settings

Hello

 

We are running into issues with FDQNs we enter in the address section of the Fortigate resolving to different IPs than our client computers.

 

I did some research and found the articles that talk about matching the client and firewall DNS servers.

 

Currently our Fortigate is configured with Fortiguard DNS servers.  I suppose I could change those to manually point to our  internal DNS servers, but am I losing out on some security?  We use QUAD9 internally as a DNS forwarder for our internal domain hosted DNS..  I could also change the Fortigate to QUAD9 as well and I think that might accomplish the same thing.

 

Any thoughts?

1 REPLY 1
Umer221
Staff
Staff

Hello @Envious3821 

If internal FQDN resolution is critical for your FortiGate, consider pointing the FortiGate to your internal DNS servers and ensuring your internal DNS forwards to QUAD9.

Articles to refer to:
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/960561/fortigate-dns-server

 

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/960561/fortigate-dns-server

 

This approach ensures you maintain internal domain resolution. In terms of security, it largely depends on how you are securing your network and DNS traffic. FortiGate offers DNS over TLS (DoT) on port 853, providing encrypted DNS queries. However, if you decide to use your internal DNS server or any other external server, you can use the following article:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-Cloudflare-DNS-with-DNS-over-T...

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors