Technical Tip: FortiGates in Belgium unable to resolve hostnames when using OpenDNS as DNS servers
| Description | This article explains why DNS resolution might fail when the FortiGate is configured to use OpenDNS servers 208.67.222.222 or 208.67.220.220. |
| Scope | FortiGate. |
| Solution | FortiGates deployed in the Country of Belgium might face DNS resolution issues when they are configured to use OpenDNS as their DNS servers.
config system dns
When trying to resolve names, the FortiGate may display the following error:
fgt01 # exe ping fortinet.com
A sniffer will show that the DNS server is responding to the DNS query with the following message:
Effective.April.11,.2025:.Due.to.a.court.order.in.Belgium.requiring.the.implementation. of.blocking.measures.to.prevent.access.within.Belgium.to.certain.domains, .the.OpenDNS.service. is.not.currently.available.to.users.in.Belgium"
diagnose sniffer packet any "host 208.67.222.222 or host 208.67.220.220" 6 0 l
The solution is to switch to other DNS servers, such as FortiGuard DNS servers.
config system dns |
