"
I just had the same issue. If you are using Gateway Groups for failover - note the changing the default firewall allow rules for LAN to internet access will NOT allow DNS requests to the firewall itself. You must create a firewall rule allowing DNS traffic to the firewall itself (no gateway set for this rule) and place it before the pass rules that forwards traffic to your gateway groups.
