It is possible to set up your FortiGate so that DNS requests for specific domains are forwarded to a Windows DNS server. Below are the steps needed to get this working.
On the Windows Master DNS Server
On the FortiGate Slave
Go to System > Network > DNS Servers and Create a new DNS Database.
You will then need to add an SRV record, and also identify the source IP address if your Master DNS is reached over a VPN:
config system dns-database
    edit "<dns_zone>"
        set forwarder "<IP of Master DNS>"
    next
end

config system dns-database
    edit "<dns_zone>"
        set source-ip "<IP of FortiGate>"
    next
end
Add the DNS service to the Interface
You can test that the new DNS service works by running a ping from the FortiGate CLI, sourced from the interface that now serves DNS:
execute ping-options source <interface IP address>
execute ping <FQDN of a server in the new DNS zone>
The interface your users connect to may be set to use “Same as System DNS”. If your system DNS points at external DNS servers, this means your users will not benefit from the changes we have just made.
To fix this, change the interface setting to “Same as Interface IP”. Users will now get the interface IP as their DNS server and will benefit from all DNS database changes we make on the FortiGate.
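The steps above, collected into one CLI sequence as an added example (this is not configuration from the original page, and the values are constructed). It assumes a zone called corp.example.internal, a Windows Master DNS at 10.10.0.5 reached over a VPN, a FortiGate LAN interface port2 with address 192.168.50.1, and a DHCP server entry with id 1 on that interface. The keywords the page does not show (set domain, set type slave, config system dns-server, and dns-service local, which is the CLI form of the “Same as Interface IP” choice) are standard FortiOS syntax assumed here rather than taken from the page; check them against your firmware's CLI reference before pasting.

```fortios
# 1. Slave zone on the FortiGate that forwards to the Windows Master DNS.
#    source-ip is only needed when the master is reached over a VPN, so
#    the query leaves from an address the tunnel's policy allows.
config system dns-database
    edit "corp-zone"
        set domain "corp.example.internal"   # assumed keyword: zone name
        set type slave                        # assumed keyword: copy from master
        set forwarder "10.10.0.5"             # Windows Master DNS (constructed)
        set source-ip "192.168.50.1"          # FortiGate address inside the VPN (constructed)
    next
end

# 2. Enable the DNS service on the interface users connect to.
#    Without this, clients have nothing to send their queries to.
config system dns-server
    edit "port2"
        set mode recursive                    # answer from the database, recurse for the rest
    next
end

# 3. Hand out the interface IP as the DNS server via DHCP.
#    dns-service default would give clients the system DNS instead,
#    which is the "Same as System DNS" case that bypasses the new zone.
config system dhcp server
    edit 1
        set interface "port2"
        set dns-service local                 # "Same as Interface IP"
    next
end

# 4. Verify from the FortiGate itself, sourced from the serving interface.
execute ping-options source 192.168.50.1
execute ping fileserver.corp.example.internal
```

If the ping resolves but clients still fail, check the DHCP lease on a client first: a client that shows the external resolver as its DNS server has not picked up the dns-service change and will keep bypassing the FortiGate zone.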