Basically it comes down to whether you host your own DNS records. If you don't, and simply want hosts on your network to forward DNS queries to the FortiGate which in turn forwards them to the Internet, then forward is definitely the mode you want.
Here are a few articles that may help you further:
- non-recursive: check local (FGT) DNS records and fail if not found
- recursive: check local (FGT) DNS records and forward to system DNS if not found
NB it's a good idea to use the FGT as DNS proxy as DNS requests are cached. To avoid your users using malicious DNS you should block all DNS requests from LAN to WAN - it's the FGT which hosts should query exclusively. The FGT usually is configured to use a trusted DNS, either from your ISP or some well-known public DNS like quad4.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.