Skip to main content
zmag
zmag
New Member
October 29, 2010
Question

Not resolving internal dns

  • October 29, 2010
  • 5 replies
  • 13184 views
FG 620 4.0 MR2. This is in a simple network conisting of 1 A/D server (dhcp, dns), a couple of clients and this firewall. The firewall is on the edge, no router in this network. port1 = lan and port14= wan Subnet is 192.168.40.0/22 Firewall = 192.168.40.100 A/D server = 192.168.43.34 Client A = 192.168.40.106 (dhcp) I can resolve and ping from the firewall to the internet. I can ping from the firewall to the lan by ip but not resolve locally. I can ping and resolve from my A/D server to Client A. I see no traffic being blocked from A/D server to Firewall or vice versa. I have policies that allows " any" service between the 2. On port1 (lan) Enable DNS Query recursive is set Network > Options DNS > primary = 192.168.43.34 secondary = public dns 151.x.x.x execute ping Client A = unable to resolve host name. Since this is a test environment and ips have changed I did a config system arp-table purge Any other trobulehsooting ideas?

    5 replies

    rwpatterson
    rwpatterson
    New Member
    October 29, 2010
    Is client A relying on the FGT for DNS transfer or are you pointing directly to the AD server?
    zmag
    zmagAuthor
    New Member
    October 29, 2010
    I am pointing directly to the AD server. I think I am going to not concern myself with this one. Although I can not ping by name from the firewall, everything else works and this is strictly a testing environment. My production env has a router between the fw and the lan so whatever I do here will be irrelevant anyway. I guess I was just getting used to posting in this forum. Got your Alcatels up?
    rwpatterson
    rwpatterson
    New Member
    October 29, 2010
    Worked with level 3 support. They think they found the problem. We have been hiccup free for about 2 hours. Last time it took just over 2 days to act up. We' ll see.
    anonimis
    anonimis
    New Member
    November 11, 2010
    Can you share what the resolution to this was? I' m having a similar problem with 4.0 MR2 units.
    zmag
    zmagAuthor
    New Member
    November 11, 2010
    Sorry but I havent resooved it. I should have this config in production by the end of next week. If I get it going I will reply.
    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    November 11, 2010
    DNS setup should be straightforward. As you are not using the FG as a local DNS all requests have to be relayed to the DNS you have configured in Network > Options. On the internal interface, check " Enable DNS" and " recursive" . There is no policy involved if you have the FG and ADS on the same interface. You may check the FG' s DNS cache with 
    diag test app dnsproxy <n>
    where n=3 DNS config n=7 DNS cache n=8 shows locally defined NS records (there must be a post around here or on the KB about this param...i' m getting old) In your case, if you don' t get replies back from the ADS it might be that a) FG does not send request to ADS b) ADS doesn' t want to answer c) traffic is blocked somewhere all of which can be seen by sniffing.
    Terms & ConditionsCookie settingsAccessibility statement