What describes the Forward DNS query mode of FortiGate?

The Forward DNS query mode of FortiGate is primarily designed to act as a DNS relay, directing DNS queries to an external DNS server when it cannot resolve them internally. This mode optimizes DNS resolution by leveraging external DNS servers to handle requests that cannot be satisfied by FortiGate’s local DNS cache.

In this setup, when a device within the network sends a query, FortiGate will first check its internal resources. If the requested domain is not found, it forwards the query to a configured DNS server instead of simply failing to resolve the query. This functionality allows for better flexibility and ensures that users can access resources outside of the local domain.

In contrast, the other options do not accurately encapsulate the behavior of FortiGate in Forward DNS query mode. For example, resolving queries internally only pertains to a different mode where all lookup responsibilities are handled by internal resources without using external servers. Forwarding all unresolvable queries suggests that all queries would be relayed, which is not the case since only those not found in the internal cache are forwarded. Lastly, blocking queries from external sources does not describe forwarding; rather, it implies a restrictive filtering action that prevents potential requests from reaching external DNS servers, which is unrelated to the forwarding process