Fortigate - DNS-over-TLS/QUIC
Hello there,
I have been trying for days to get this to work. I have tried Fortigate firmware 6.4.4 and 7.2.5 and 7.4.0 all with factory resetting the Fortigate. The setting on the Fortigate is not complex, simple as below
Configure NextDNS servers >you choose TLS > put your ID hostname in > click apply.
But is just does not work :( Any help from the Next DNS support team would be appreciated.
Thanks
10 replies
-
I'm not familiar with fortigate. This is just an observation.
Settings look confusing to me. I see you have set the nextdns IP and DoT dns-query hostname but what is "Use FortiGuard Servers" all about? Shouldn't that be set to something like Custom. It looks to me that you are querying nextdns through fortiguard servers thus their SSL certificate.
Also, did you give DoH a try?
-
I have tried DoH and it does not work either. The top setting 'use fortiguard servers' will use the fortinet fortiguard DNS servers which is the default. I clicked on 'specify' so I can choose my own DNS servers which in this instance are the Next DNS servers.
Does anyone know if support look at these threads? I messaged them two days ago and I have not had a response :(
DNS queries work, but my profile is not applied. Thanks for responding though.
If support would respond, I could provide logs for investigation.
-
What do you get with https://test.nextdns.io when this is set?
-
example DNS with DDNS being used as workaround:
{
"status": "ok",
"protocol": "UDP",
"profile": "fp261a576e43ad2a2e",
"client": "123.123.123.123",
"srcIP": "123.123.123.123",
"destIP": "45.90.30.140",
"anycast": true,
"server": "vultr-syd-1",
"clientName": "unknown"
}Change to DNS over TLS you can see profile is now gone:
{
"status": "ok",
"protocol": "DOT",
"client": "123.123.123.123",
"srcIP": "123.123.123.123",
"destIP": "45.90.30.140",
"anycast": true,
"server": "vultr-syd-1",
"clientName": "unknown-dot"
}I changed my WAN/Source IP to 123.123.123.123. DNS over HTTPS also does not work.
Content aside
-
1
Likes
- 1 yr agoLast active
- 10Replies
- 1190Views
-
4
Following