Luiz_Alberto_Camilo
Explorer II
September 25, 2014
Question

Fortinet DDNS issue

  • 3 replies
  • 21672 views
This post is addressed to Fortinet DNS Administrators.

Today I created a Fortiddns record on a Fortigate and noticed that I could not resolve that DNS on another Fortigate. So, using DIG, I found the following:

- Fortigate primary DNS server is 208.91.112.53 and secondary is 208.91.112.52

OK, so let's dig my recently created Fortiddns record:
  ; <<>> DiG 9.8.3-P1 <<>> @208.91.112.53 nctsp.fortiddns.com
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45772
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

  ;; QUESTION SECTION:
  ;nctsp.fortiddns.com.		IN	A

  ;; AUTHORITY SECTION:
  fortiddns.com.		765	IN	SOA	ddns1.fortinet.com. mis.fortinet.com. 2014933327 10800 900 172800 3600

  ;; Query time: 234 msec
  ;; SERVER: 208.91.112.53#53(208.91.112.53)
  ;; WHEN: Wed Sep 24 21:30:40 2014
  ;; MSG SIZE  rcvd: 92
Hummm ... weird, huh ... the primary DNS server doesn't know this domain, but I noticed that there's a ddns1.fortinet.com ... so let's dig to this one:
  ; <<>> DiG 9.8.3-P1 <<>> @208.91.114.22 nctsp.fortiddns.com
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38371
  ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
  ;; WARNING: recursion requested but not available

  ;; QUESTION SECTION:
  ;nctsp.fortiddns.com.		IN	A

  ;; ANSWER SECTION:
  nctsp.fortiddns.com.	300	IN	A	177.139.245.173

  ;; AUTHORITY SECTION:
  fortiddns.com.		86400	IN	NS	ddns2.fortinet.com.
  fortiddns.com.		86400	IN	NS	ddns1.fortinet.com.

  ;; Query time: 233 msec
  ;; SERVER: 208.91.114.22#53(208.91.114.22)
  ;; WHEN: Wed Sep 24 21:31:33 2014
  ;; MSG SIZE  rcvd: 102
Cool, ddns1.fortinet.com knows my IP ... so why are the primary DNS servers not syncing to ddns1.fortinet.com?

I was using this DDNS for VPN purposes, and instantly after I changed the primary DNS server on the Fortigate to 208.91.114.22, the VPN connected ... bingo! And now that the DNS is in cache, I could return the DNS servers to the default ones.

This isn't the first time this has happened. It has happened other times, and on other occasions, from the remote Fortigate, a ping to nctsp.fortiddns.com just fails saying "the dns could not be resolved".

It would be nice if someone could just check those 2 Fortinet DNS servers.
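
The recursive-versus-authoritative comparison made in the post above, as an added example that is not part of the original post and is not Fortinet code. The sample input is constructed from lines of the two dig answers quoted in the post; the "negative-cache" verdict is an assumption (an NXDOMAIN held by the resolver under RFC 2308 negative caching, with the SOA TTL as the time left), which nothing on this page confirms.

```shell
#!/bin/sh
# Constructed sample input: relevant lines copied from the two dig answers in the post.
RECURSIVE_OUT=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45772
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
fortiddns.com. 765 IN SOA ddns1.fortinet.com. mis.fortinet.com. 2014933327 10800 900 172800 3600'
AUTHORITATIVE_OUT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38371
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; ANSWER SECTION:
nctsp.fortiddns.com. 300 IN A 177.139.245.173'

# Print the RCODE from the header line (NXDOMAIN, NOERROR, ...).
dig_status() {
  printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the "aa" (authoritative answer) flag is set.
dig_is_authoritative() {
  printf '%s\n' "$1" | grep -Eq '^;; flags:[^;]* aa[ ;]'
}

# Print "<remaining ttl> <soa minimum>" from the SOA record, if present.
soa_ttls() {
  printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "SOA" { print $2, $NF; exit }'
}

# Print the first A record address, if present.
a_record() {
  printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $5; exit }'
}

# Hypothetical helper: compare a recursive answer ($1) with an authoritative one ($2).
diagnose() (
  rec=$1; auth=$2
  rstat=$(dig_status "$rec"); astat=$(dig_status "$auth"); addr=$(a_record "$auth")
  if [ "$rstat" = NXDOMAIN ] && ! dig_is_authoritative "$rec" \
     && [ "$astat" = NOERROR ] && dig_is_authoritative "$auth" && [ -n "$addr" ]; then
    # Resolver says "no such name" while the zone's own server has the record.
    set -- $(soa_ttls "$rec")
    echo "negative-cache addr=$addr retry_in=${1:-unknown}s max_negative_ttl=${2:-unknown}s"
  elif [ "$rstat" = "$astat" ]; then
    echo "consistent status=$rstat"
  else
    echo "mismatch recursive=$rstat authoritative=$astat"
  fi
)

diagnose "$RECURSIVE_OUT" "$AUTHORITATIVE_OUT"
```

To use it on live answers, pass the saved output of `dig @<resolver> <name>` and `dig @<authoritative server> <name>` as the two arguments.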

    3 replies

    MVIOX
    New Member
    October 8, 2014
    You may want to create a support ticket for this if you are looking for Fortinet technical assistance. I believe this site is primarily a user community with some interaction from Fortinet employees. (I could be wrong)
    Carl_Windsor_FTNT
    Staff
    October 8, 2014
    Note that you have posted this in the FortiDNS section. FortiDNS is a product in its own right; your query is about the FortiGate DDNS feature. They are two different things. As MVIOX suggested, I would recommend you raise a support ticket.
    Luiz_Alberto_Camilo
    Explorer II
    October 8, 2014
    Hi Michael and Carl, Thanks for the recommendation. I couldn't find the correct channel to communicate this to Fortinet, so I decided to create a post because this remains here and can be referenced in searches in the future. I'll open a ticket later and post here about our findings. Thanks again!