This article explains the reason why the DNS latency shows a value of 14000 – 15000 ms.
Scope
FortiGate v7.0.x, v7.2.x and v7.4.x.
Solution
When a FortiOS DNS request times out, FortiGate penalizes the server's fail count by increasing the RTT by 10-15 seconds, to force a switch to the next DNS server:
For each timeout, FortiGate increases the server's latency by 15 sec (15000 ms). The reason for this high value is to force FortiGate DNS to switch from the currently active server for the next DNS request waiting in the queue.
From the CLI:
vfid=0 server=3.140.128.187 latency=10 updated=7474
vfid=0 server=3.143.64.169 latency=11 updated=1462
DNS UDP: req=381 res=281 fwd=439 cmp=26 retrans=147 to=75
There is a retransmission, and FortiGate increases the latency:
vfid=0 server=3.140.128.187 latency=1049 updated=604
vfid=0 server=3.143.64.169 latency=16 updated=585
DNS UDP: req=382 res=282 fwd=441 cmp=26 retrans=148 to=75
The latency keeps increasing until it reaches a value near 1500 ms. It remains in this window for about 30 seconds, until FortiGate tries to update the value:
vfid=0 server=3.140.128.187 latency=1454 updated=174
vfid=0 server=3.143.64.169 latency=12 updated=161
DNS UDP: req=386 res=286 fwd=447 cmp=26 retrans=150 to=75
Note: This behavior changes from v7.4.4 and v7.6.x.
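To tell a penalty value apart from a genuinely slow resolver when monitoring, two consecutive captures of the CLI output above can be compared. The following is an added example, not Fortinet code: it parses the three captures from this article and reports penalized servers and counter deltas. The 1000 ms threshold and the function names are assumptions.

```python
import re

# Assumption: a latency at or above this value is a timeout penalty, not a measured RTT.
PENALTY_THRESHOLD_MS = 1000

SERVER_RE = re.compile(r"vfid=(\d+) server=(\S+) latency=(\d+) updated=(\d+)")
STATS_RE = re.compile(
    r"DNS UDP: req=(\d+) res=(\d+) fwd=(\d+) cmp=(\d+) retrans=(\d+) to=(\d+)")
STAT_KEYS = ("req", "res", "fwd", "cmp", "retrans", "to")

# The three captures shown in the article, in order.
SAMPLE_1 = ("vfid=0 server=3.140.128.187 latency=10 updated=7474 "
            "vfid=0 server=3.143.64.169 latency=11 updated=1462 "
            "DNS UDP: req=381 res=281 fwd=439 cmp=26 retrans=147 to=75")
SAMPLE_2 = ("vfid=0 server=3.140.128.187 latency=1049 updated=604 "
            "vfid=0 server=3.143.64.169 latency=16 updated=585 "
            "DNS UDP: req=382 res=282 fwd=441 cmp=26 retrans=148 to=75")
SAMPLE_3 = ("vfid=0 server=3.140.128.187 latency=1454 updated=174 "
            "vfid=0 server=3.143.64.169 latency=12 updated=161 "
            "DNS UDP: req=386 res=286 fwd=447 cmp=26 retrans=150 to=75")

def parse_sample(text):
    """Return ({(vfid, server): latency_ms}, {counter: value}) for one capture."""
    servers = {(int(m[1]), m[2]): int(m[3]) for m in SERVER_RE.finditer(text)}
    m = STATS_RE.search(text)
    stats = dict(zip(STAT_KEYS, map(int, m.groups()))) if m else {}
    return servers, stats

def compare(prev_text, cur_text, threshold=PENALTY_THRESHOLD_MS):
    """Compare two captures: penalized servers, sudden jumps, counter deltas."""
    prev_srv, prev_stats = parse_sample(prev_text)
    cur_srv, cur_stats = parse_sample(cur_text)
    return {
        # Servers whose current latency looks like a penalty value.
        "penalized": sorted(s for s, ms in cur_srv.items() if ms >= threshold),
        # Servers whose latency rose by at least the threshold since the last capture.
        "jumped": sorted(s for s, ms in cur_srv.items()
                         if ms - prev_srv.get(s, ms) >= threshold),
        "lowest_latency": min(cur_srv, key=cur_srv.get) if cur_srv else None,
        "deltas": {k: cur_stats[k] - prev_stats[k]
                   for k in STAT_KEYS if k in cur_stats and k in prev_stats},
    }

if __name__ == "__main__":
    for prev, cur in ((SAMPLE_1, SAMPLE_2), (SAMPLE_2, SAMPLE_3)):
        print(compare(prev, cur))
```

A jump that coincides with a rising `retrans` counter, as between the first two captures, matches the penalty behavior described above and not a change in the server's real round-trip time.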