Ted
Staff
October 17, 2024

Troubleshooting Tip: Monitoring local out DNS traffic statistics

Description
This article describes how to monitor the local out DNS traffic generated by FortiGate. FortiGate generates DNS queries as local out traffic to resolve the domain names required by its features and services, such as FortiGuard connections, system updates, FQDN resolution, certificate verification, and so on.
Scope
FortiGate.
Solution
  1. GUI monitoring.
    FortiGate provides an admin user with Sent/Received (bytes), Sent Packets, Received Packets, Sent Bytes, and Received Bytes columns for local out DNS sessions at Log & Report -> Local Traffic.

 

DNS GUI.png

 

  2. CLI monitoring.
    In the CLI, FortiGate provides more detailed statistics from the dnsproxy daemon about DNS proxy activity.

     

DNS UDP: req=996 res=272 fwd=241 cmp=591 retrans=38 to=17 <----- The req and res fields indicate the number of DNS requests sent by the FortiGate and the number of DNS responses received.

 

DNS CLI.png

 

Starting from FortiOS v7.6, DNSProxy also shows a fail rate, as below:

 

DNS UDP: req=3983 res=3914 fwd=4007 retrans=150 to=58 fail_rate=1.456 <-----

 

Example output:

 

diagnose test application dnsproxy 2
worker idx: 0
worker: count=1 idx=0
retry_interval=500 query_timeout=1495
DNS latency info:
vfid=1 server=96.45.46.46 latency=1 updated=8829
vfid=1 server=8.8.8.8 latency=1 updated=2823
vfid=1 server=10.109.3.14 latency=1 updated=45687
SDNS latency info:
DNS_CACHE: alloc=4, hit=126
RATING_CACHE: alloc=0, hit=0
DNS query: alloc=0
DNS UDP: req=3983 res=3914 fwd=4007 retrans=150 to=58 fail_rate=1.456%
DNS FTGD: ftg_fwd=0 ftg_res=0 ftg_retrans=0
Socket monitor: cur=94 switched=30100 num_switched=1 v6_cur=0 v6_switched=0 num_v6_switched=0
Others: compressed=0
RCODES: 3918 0 65 0 0 0 0 0 0 0 0
DNS TCP: req=0 res=11 fwd=11 retrans=0 to=0 fail_rate=0.000%
DNS TCP connections:
DNS UNIX streams: cfd=35 cfd=36 cfd=37 cfd=38
FQDN: alloc=12 nl_write_cnt=3578 nl_send_cnt=5364 nl_cur_cnt=0
Botnet: searched=0 hit=0
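
The counters above are cumulative, so a short burst of failures barely moves the printed percentage. The following is an added example (not Fortinet code) that parses the DNS UDP/TCP lines from two snapshots of this output and reports the timeout percentage for the interval between them. Assumptions: `to` counts timed-out queries and fail_rate is to/req (in the article's sample, 58/3983 = 1.456%, matching the printed value); the second snapshot and the 5% threshold are constructed for illustration.

```python
import re

# Counter lines of `diagnose test application dnsproxy 2`, e.g. "DNS UDP: req=... to=..."
STAT_LINE = re.compile(r"^DNS (UDP|TCP):[ \t]+(.*)$", re.M)
PAIR = re.compile(r"(\w+)=([\d.]+)")

# First snapshot: lines copied from the article's example output.
SNAP_1 = """\
DNS UDP: req=3983 res=3914 fwd=4007 retrans=150 to=58 fail_rate=1.456%
DNS TCP: req=0 res=11 fwd=11 retrans=0 to=0 fail_rate=0.000%
DNS TCP connections:
"""
# Second snapshot: constructed values for illustration, not real device output.
SNAP_2 = """\
DNS UDP: req=4183 res=4094 fwd=4210 retrans=170 to=78 fail_rate=1.865%
DNS TCP: req=0 res=11 fwd=11 retrans=0 to=0 fail_rate=0.000%
"""

def parse_dnsproxy(text):
    """Return {'UDP': {...}, 'TCP': {...}} of numeric counters per transport."""
    stats = {}
    for proto, rest in STAT_LINE.findall(text):
        rest = rest.split("<-")[0]  # drop "<----- note" annotations
        stats[proto] = {k: float(v) if "." in v else int(v)
                        for k, v in PAIR.findall(rest)}
    return stats

def timeout_pct(c):
    """to/req as a percentage (assumption: 'to' counts timed-out queries)."""
    return round(100.0 * c["to"] / c["req"], 3) if c.get("req", 0) > 0 else 0.0

def interval_delta(before, after):
    """Counters are cumulative; subtract snapshots to get per-interval activity."""
    keys = ("req", "res", "fwd", "retrans", "to")
    return {k: after[k] - before[k] for k in keys if k in before and k in after}

def check(before_text, after_text, threshold_pct=5.0):
    """Return (transport, interval timeout %) pairs that exceed the threshold."""
    b, a = parse_dnsproxy(before_text), parse_dnsproxy(after_text)
    alerts = []
    for proto in a:
        if proto in b:
            pct = timeout_pct(interval_delta(b[proto], a[proto]))
            if pct > threshold_pct:
                alerts.append((proto, pct))
    return alerts

if __name__ == "__main__":
    print(check(SNAP_1, SNAP_2))
```

In the constructed second snapshot the cumulative rate only rises to 1.865%, while the interval between the two snapshots shows 20 timeouts in 200 requests.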

 

Related article:

Technical Tip: How to enable and view logs for local-out DNS traffic