Skip to main content
JordAnge
Staff
JordAnge
Staff
February 20, 2026

Troubleshooting Tip: FortiGate is unable to resolve FQDN addresses

  • February 20, 2026
  • 0 replies
  • 955 views
Description This article describes behavior in FortiOS where FQDN-Addresses are unable to be resolved and how to fix it.
Scope FortiGate 7.2.x.
Solution

In this scenario, an error is displayed in FortiOS to resolve FQDN addresses objects configured.

 

config firewall address

    edit "cargosautomaticos.credomatic.com"

        set type fqdn

        set fqdn "cargosautomaticos.credomatic.com"

    next
end

 

FW01 # diagnose firewall fqdn list-all

...

fqdn_u 0xa3fa510 cargosautomaticos.credomatic.com: type:(1) ID(31) count(0) generation(0) data_len:0 flag: 0
Total ip fqdn range blocks: 0.
Total ip fqdn addresses: 0.

 

FW01 # diagnose firewall fqdn list-ip
List all IP FQDN:

...

fqdn_u 0xa3fa510 cargosautomaticos.credomatic.com: type:(1) ID(31) count(0) generation(0) data_len:0 flag: 0
Total ip fqdn range blocks: 0.
Total ip fqdn addresses: 0.

 

The next DNS debug commands, did not display any information:

 

FW01 # diagnose test app dnsproxy 2   <----- Show stats.

 

FW01 # diagnose test app dnsproxy 3   <----- Dump DNS settings.

 

The dnsproxy-debug (diagnose debug appliction dnsproxy -1) used to display the next error:

 

2026-02-12 11:44:39 [worker 0] dns_server_setup()-434: ip=208.91.112.53 encrypt=none rating=0
2026-02-12 11:44:39 [worker 0] dns_server_setup()-434: ip=208.91.112.53 encrypt=dot rating=0
2026-02-12 11:44:39 [worker 0] dns_server_setup()-434: ip=208.91.112.52 encrypt=none rating=0
2026-02-12 11:44:39 [worker 0] dns_server_setup()-434: ip=208.91.112.52 encrypt=dot rating=0
2026-02-12 11:44:39 [worker 0] vdom_info_reinstall_ftgd_settings()-1058
2026-02-12 11:44:39 [worker 0] reload_vd_hostname_cache()-374: vd=0
2026-02-12 11:44:39 [worker 0] load_vd_dns_server()-2169
2026-02-12 11:44:39 [worker 0] create_udp_handle()-3633: ipv4 port: 7900
2026-02-12 11:44:39 [worker 0] create_udp_handle()-3690: Can't bind socket: Address already in use in vd--1
2026-02-12 11:44:39 [worker 0] dns_policy_load_vd()-2700: vdom=root
2026-02-12 11:44:39 [worker 0] dns_profile_load_vd()-2380: vfid=0
2026-02-12 11:44:39 [worker 0] dns_url_table_load_vd()-2536: vfid=0
2026-02-12 11:44:39 [worker 0] vdom_info_reinstall_dns_settings()-807: vdinfo=root

 

Follow the steps below to fix the issue. If one does not work, proceed to the next.

 

  1.  Restart the dnsproxy worker. See Technical Tip: FortiGate Troubleshooting DNS commands.
       

diagnose test application dnsproxy 99

 

  1. Kill the dnsproxy process. See Technical Tip: How to restart/kill one or several processes on the FortiGate with CLI commands.

 

diagnose sys process pidof dnsproxy
<process id>
diagnose sys kill <signal> <process ID>
fnsysctl killall dnsproxy

 

  1. Increase the DNSProxy engine count. See Troubleshooting Tip: DNS error due to 'Can't bind socket: Address already in use in vd--1'.

 

config system global

    set dnsproxy-worker-count 2
end

 

  1. Reboot the device.

 

Finally, the FortiOS will be able to resolve the FQDN addresses. For example:

 

FW01 # diagnose firewall fqdn list-ip
List all IP FQDN:

...

fqdn_u 0xa89a012 cargosautomaticos.credomatic.com: type:(1) ID(31) count(1) generation(3) data_len:13 flag: 1
ip list: (1 ip in total)
ip: 66.22.0.58
Total ip fqdn range blocks: 1.
Total ip fqdn addresses: 1.
    Terms & ConditionsAccessibility statement