FortiGate
gakshay
Staff
Article Id 193830

Description
This article describes how to configure DNS over TLS.

Solution
DNS over TLS (DoT) is a security protocol for encrypting and wrapping DNS queries and answers via the TLS protocol.
The goal of DNS over TLS is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.
There is an option in the FortiOS DNS profile settings to enforce DoT for this added security.


To configure DoT from the GUI:
1) Go to Network -> DNS. The DNS Settings pane opens.
2) For DNS over TLS, select 'Enforce'.
3) Select 'Apply'.

To configure DoT from the CLI:
# config system dns
    set primary 8.8.8.8
    set secondary 1.1.1.1
    set dns-over-tls enforce
    set ssl-certificate "Fortinet_Factory"
end

Note: at the moment, the FortiGuard DNS servers (208.91.112.53 and 208.91.112.52) do not support DNS over TLS.
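As an added illustration (not code from this article or from FortiOS), the exchange that the DoT setting relies on: a minimal DNS-over-TLS client. It builds an ordinary DNS wire-format query, frames it with the 2-byte length prefix that DNS uses over TCP and TLS (RFC 7858), sends it over a certificate-verified TLS session to port 853, and parses the A records from the reply. The builder and parser are exercised against a constructed response; the network function can be pointed at a DoT-capable resolver such as 1.1.1.1 from the CLI example above, which is a useful check before enforcing DoT, since a resolver that does not speak it (like the FortiGuard servers noted here) will not answer on port 853. The transaction id and the 192.0.2.1 answer address are assumptions chosen for the example.

```python
"""Minimal DNS-over-TLS (RFC 7858) client: added example, not FortiOS code."""
import socket
import ssl
import struct

TXID = 0x1234  # assumed fixed transaction id for the example


def build_dns_query(name: str, txid: int = TXID, qtype: int = 1) -> bytes:
    """Build a DNS query message (RFC 1035) for `name`, type A by default."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def frame_for_stream(msg: bytes) -> bytes:
    """Prefix a DNS message with its 2-byte big-endian length (RFC 7858 s3.3)."""
    return struct.pack("!H", len(msg)) + msg


def _read_name(msg: bytes, offset: int):
    """Decode a (possibly compressed) domain name; return (name, next_offset)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_a_records(msg: bytes, expected_txid: int):
    """Return the IPv4 answers in a DNS response after checking txid and RCODE."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if (flags & 0x000F) != 0:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = _read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        _, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:
            answers.append(socket.inet_ntoa(rdata))
    return answers


def _recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the TLS stream early")
        buf += chunk
    return buf


def resolve_over_tls(name, server, port=853, server_hostname=None, timeout=5.0):
    """Send one A query over TLS to `server` and return the answers (needs network)."""
    ctx = ssl.create_default_context()  # verifies the resolver's certificate chain
    query = build_dns_query(name)
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_hostname or server) as tls:
            tls.sendall(frame_for_stream(query))
            length = struct.unpack("!H", _recv_exact(tls, 2))[0]
            return parse_a_records(_recv_exact(tls, length), TXID)


# Constructed sample: a response to build_dns_query("example.com") carrying one
# A record that points at the RFC 5737 documentation address 192.0.2.1.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.0.2.1")
)

if __name__ == "__main__":
    print(parse_a_records(SAMPLE_RESPONSE, TXID))  # offline: ['192.0.2.1']
    # Live check against a DoT resolver, e.g. resolve_over_tls("example.com", "1.1.1.1")
```

A resolver that does not support DoT will refuse or reset the connection on port 853, which is exactly what an enforced setting would then turn into failed lookups rather than a silent fallback to plaintext; running this check against each configured upstream before switching to 'enforce' avoids that outage.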
