Created on 05-27-2020 01:22 AM Edited on 04-07-2022 12:48 PM By Anonymous
Description
This article describes how to configure DNS over TLS.
Solution
DNS over TLS (DoT) is a security protocol for encrypting and wrapping DNS queries and answers via the TLS protocol.
The goal of DNS over TLS is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.
There is an option in the FortiOS DNS profile settings to enforce DoT for this added security.
To configure DoT from the GUI:
1) Go to Network -> DNS. The DNS Settings pane opens.
2) For DNS over TLS, select 'Enforce'.
3) Select 'Apply'.
To configure DoT from the CLI:
# config system dns
    set primary 8.8.8.8
    set secondary 1.1.1.1
    set dns-over-tls enforce
    set ssl-certificate "Fortinet_Factory"
end
Note: At the moment, the FortiGuard DNS servers (208.91.112.53 and 208.91.112.52) do not support DNS over TLS.