DNS over TLS

DNS over TLS (DoT) is a security protocol that encrypts DNS queries and answers by wrapping them in the TLS protocol. Its goal is to increase user privacy and security by preventing eavesdropping on, and manipulation of, DNS data via man-in-the-middle attacks. The FortiOS DNS profile settings include an option to enforce DoT for this added security.

To configure DoT in the GUI:
  1. Go to Network > DNS. The DNS Settings pane opens.
  2. For DNS over TLS, click Enforce.
  3. Click Apply.

To configure DoT in the CLI:
config system dns
    set primary 8.8.8.8
    set dns-over-tls enforce
    set ssl-certificate "Fortinet_Factory"
end
