What is true about the DNS connection to a FortiGuard server when configured as DNS servers?

Prepare for the Fortinet FortiGate 7.4 Administrator exam with detailed insights and expert tips. Master FortiGate configurations and security protocols to ace your certification. Equip yourself with the knowledge to pass confidently.

When FortiGuard servers are configured as the DNS servers, the connection to them uses DNS over TLS (DoT), a protocol designed to provide secure, encrypted DNS resolution. This ensures that DNS queries cannot be easily intercepted or manipulated by malicious actors, which improves both privacy and security.

Using DNS over TLS means that the DNS queries sent to the FortiGuard servers are encrypted, providing protection against various types of eavesdropping and spoofing attacks that can occur when DNS traffic is transmitted in plain text. The protocol leverages Transport Layer Security (TLS) to secure the connection, making user data more resilient to potential threats during the resolution process.

In contrast, standard DNS without encryption sends queries in plaintext, which is vulnerable to interception and manipulation. While DNS over HTTPS could theoretically provide an alternative encrypted method, it is not the method used in this context for FortiGuard servers. Furthermore, the statement about support within FortiGate configurations is inaccurate; FortiGate devices are indeed capable of using DNS over TLS for their DNS server configurations, which aligns with contemporary security standards.
