Troubleshooting

Wrong DNS Server used by random clients

Problem

FortiGate VPN users report that they can no longer connect to internal resources.
On an affected client, the internal host is reachable by IP, but Windows does not appear to use the internal DNS server to resolve the host name. A check with nslookup on the VPN client worked.

Solution

The clients having issues were using IPv6, which led to a Windows feature called "Smart Multi-Homed Name Resolution". It sounds like Windows will forward a DNS query to both the IPv6 and IPv4 DNS servers and use the first response.

Adding a registry key to disable the parallel queries cleared the issue.

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
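
A diagnostic for the symptom above, added here as an example and not part of the original note: it lists the DNS servers per interface, queries each one directly (as nslookup does), compares that with the Windows resolver's answer, and reads the registry setting. The value name DisableParallelAandAAAA and the host name are assumptions; the note gives only the key path.

```powershell
# Added example. Names marked "assumed" or "constructed" are not from the original note.
$HostName = 'intranet.corp.example'     # constructed internal host name, replace with yours
$Apply    = $false                      # set to $true in an elevated session to write the value
$Key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$Value    = 'DisableParallelAandAAAA'   # assumed value name; the note gives only the key path

# 1. DNS servers per interface and address family (AddressFamily 2 = IPv4, 23 = IPv6).
#    An IPv6 server learned from the local network next to the VPN's DNS server
#    is the setup in which the parallel queries matter.
$dns = Get-DnsClientServerAddress | Where-Object { $_.ServerAddresses }
$dns | Select-Object InterfaceAlias,
    @{ n = 'Family';  e = { if ($_.AddressFamily -eq 23) { 'IPv6' } else { 'IPv4' } } },
    @{ n = 'Servers'; e = { $_.ServerAddresses -join ', ' } } | Format-Table -AutoSize

# 2. Query each configured server directly, as nslookup does, to see which
#    servers actually know the internal name.
foreach ($server in ($dns.ServerAddresses | Sort-Object -Unique)) {
    $r = Resolve-DnsName -Name $HostName -Server $server -Type A -DnsOnly `
            -QuickTimeout -ErrorAction SilentlyContinue
    $ips = ($r | Where-Object { $_.IPAddress }).IPAddress -join ', '
    '{0,-40} -> {1}' -f $server, $(if ($ips) { $ips } else { 'no A record returned' })
}

# 3. The answer applications get from the Windows resolver. If step 2 shows the
#    internal server answering but this line does not, another server won the race.
$sys    = Resolve-DnsName -Name $HostName -Type A -DnsOnly -ErrorAction SilentlyContinue
$sysIps = ($sys | Where-Object { $_.IPAddress }).IPAddress -join ', '
'{0,-40} -> {1}' -f 'Windows resolver', $(if ($sysIps) { $sysIps } else { 'no A record returned' })

# 4. Current state of the registry value.
$current = (Get-ItemProperty -Path $Key -Name $Value -ErrorAction SilentlyContinue).$Value
'{0} = {1}' -f $Value, $(if ($null -eq $current) { '(not set)' } else { $current })

# 5. Write the value only when explicitly requested, then flush the DNS cache
#    so stale answers do not mask the result of the next test.
if ($Apply) {
    New-ItemProperty -Path $Key -Name $Value -PropertyType DWord -Value 1 -Force | Out-Null
    Clear-DnsClientCache
    "$Value set to 1 under $Key"
}
```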

https://forum.fortinet.com/tm.aspx?m=190334