MichaelTorres
Staff
June 27, 2025

Troubleshooting Tip: DNS error due to 'Can't bind socket: Address already in use in vd--1'

Description

This article describes a behavior where users cannot ping any domain from FortiGate and FortiGuard communication does not work for upgrades or rating.

Scope

FortiGate with DNS server configuration.
Solution

In some cases, users are unable to connect to FortiGuard from FortiGate.

 

On the FortiGate, it is not possible to ping google.com, but pinging 8.8.8.8 is working.

 

Run the following DNS debug commands:

 

diagnose debug application dnsproxy -1

diagnose debug enable

 

In the debugs, the following error will be visible:

 

[worker 0] dns_server_setup()-431: ip=96.45.46.46 encrypt=none rating=0
[worker 0] vdom_info_reinstall_ftgd_settings()-1029
[worker 0] load_vd_dns_server()-2157
[worker 0] create_udp_handle()-3637: ipv4 port: 7900
[worker 0] create_udp_handle()-3707: Can't bind socket: Address already in use in vd--1

d[worker 0] dns_policy_load_vd()-2948: vdom=root
[worker 0] dns_profile_load_vd()-2542: vfid=0
[worker 0] dns_url_table_load_vd()-2705: vfid=0
[worker 0] vdom_info_reinstall_dns_settings()-804: vdinfo=root
 
Restarting the dnsproxy daemon does not work.

 

Solution:

 

Increase the DNSProxy worker count:

 

config system global
    set dnsproxy-worker-count 2 
end

 

After applying this configuration, verify that pinging google.com and FortiGuard services work again.
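
When the debug output above has been saved from a console session, the bind failure can be picked out and tied to the port that dnsproxy tried to open. The following is an added example, not Fortinet code or part of the original article; the line layout it parses is an assumption inferred only from the debug lines quoted above, and the function name find_bind_failures is hypothetical.

```python
import re

# Constructed sample: the dnsproxy debug lines quoted in this article.
SAMPLE = """\
[worker 0] dns_server_setup()-431: ip=96.45.46.46 encrypt=none rating=0
[worker 0] vdom_info_reinstall_ftgd_settings()-1029
[worker 0] load_vd_dns_server()-2157
[worker 0] create_udp_handle()-3637: ipv4 port: 7900
[worker 0] create_udp_handle()-3707: Can't bind socket: Address already in use in vd--1
d[worker 0] dns_policy_load_vd()-2948: vdom=root
"""

# Assumed layout, inferred from the sample only: "[worker N] func()-LINE: message"
LINE_RE = re.compile(r"\[worker (\d+)\] (\w+)\(\)-(\d+)(?::\s*(.*))?$")
PORT_RE = re.compile(r"ipv4 port: (\d+)")
BIND_RE = re.compile(r"Can't bind socket: Address already in use(?: in (\S+))?")


def find_bind_failures(text):
    """Return one dict per failed UDP bind: worker, port, vd tag, debug line id."""
    last_port = {}  # worker -> port most recently announced by create_udp_handle()
    failures = []
    for raw in text.splitlines():
        # search() rather than match() tolerates stray characters before "[worker"
        m = LINE_RE.search(raw.strip())
        if not m or m.group(2) != "create_udp_handle":
            continue
        worker, msg = int(m.group(1)), m.group(4) or ""
        port = PORT_RE.search(msg)
        err = BIND_RE.search(msg)
        if port:
            last_port[worker] = int(port.group(1))
        elif err:
            failures.append({
                "worker": worker,
                "port": last_port.get(worker),  # None if no port line was captured
                "vd": err.group(1),
                "debug_line": int(m.group(3)),
            })
    return failures


if __name__ == "__main__":
    for f in find_bind_failures(SAMPLE):
        print("worker {worker}: bind failed on UDP port {port} ({vd})".format(**f))
```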