Cybersecurity Forum


JanuBari

Queried FQDN ip becomes 208.91.112.55

Hi,

When we do an nslookup, we always get an answer where the FQDN's IP address is changed to 208.91.112.55:
Could it be that DNS filtering is messing with the DNS response where a rule/policy matched the query?

Thanks!

TxAggieEngineer

That is the IP address of the FortiGuard "Redirect Portal" used by DNS filtering. If the FQDN is in a blocked category, the FortiGate will rewrite the DNS response to this IP address.
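
Added example (not part of the original thread and not Fortinet code): a Python script that scans saved nslookup output and lists the names whose answers came back as the redirect portal address mentioned above, ignoring the resolver's own `Address:` line. The sample output, hostnames and resolver address are constructed.

```python
import ipaddress
import re

# Redirect portal address named in the thread.
REDIRECT_PORTAL = ipaddress.ip_address("208.91.112.55")
FIELD = re.compile(r"^(Server|Name|Address(?:es)?):\s*(.*)$")
# Constructed sample: Windows-style nslookup output; all names/addresses are made up.
SAMPLE = """\
Server:  dns1.corp.example
Address:  192.0.2.53

Name:    blocked.example
Address:  208.91.112.55

Server:  dns1.corp.example
Address:  192.0.2.53

Name:    allowed.example
Addresses:  2001:db8::10
          198.51.100.10
"""

def answers(text):
    """Yield (name, ip) for answer records, skipping the resolver's own Address line."""
    name, in_addrs = None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m:
            key, value = m.groups()
            if key in ("Server", "Name"):
                # Server starts a new lookup; only a Name line opens an answer.
                name, in_addrs = (value if key == "Name" else None), False
                continue
            in_addrs = name is not None  # Address before any Name is the resolver
            if not in_addrs:
                continue
        elif in_addrs and line:
            value = line  # indented continuation of an Addresses: list
        else:
            in_addrs = False
            continue
        try:
            yield name, ipaddress.ip_address(value)
        except ValueError:
            pass  # non-address continuation such as an alias

def rewritten_names(text):
    return sorted({n for n, ip in answers(text) if ip == REDIRECT_PORTAL})
```

Running `rewritten_names()` over output collected from the clients and from the internal DNS servers shows at which hop the rewritten answer first appears.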
JanuBari

If a DNS filtering profile is not applied to a policy, this will not be used, right?
TxAggieEngineer

Correct. The profile would need to be applied to a policy. Otherwise, the FortiGate will pass DNS requests through unaltered. The only other way DNS would be altered would be a static translation but it seems highly unlikely there would be a static translation to FortiGuard's redirect portal.

JanuBari

I see. Can you tell me more about static translation and where it is applied? How can I check it?
TxAggieEngineer

From the CLI, go to "config firewall dnstranslation" and do "show".  Starting in (I believe) 6.2, static DNS translations can also be configured from the GUI under the DNS Filter security profile.
JanuBari

Could an expired license cause DNS translation to the redirect portal 208.91.112.55?
TxAggieEngineer

I know expired services can end up blocking web access, although it's inconsistent in my experience.  I'm not sure what effect expired services would have on traffic with a DNS Security Profile configured.
mrodriguezlucendo

Good morning

I am having the same problem as the colleague. I do not have any DNS profile enabled, and randomly the FW that has DNS, the internal DNS, the FQDNs resolve to 208.91.112.55 (without having any profile set in the FW), causing interruptions in navigation. The PCs query some internal DNS servers (Windows), and they have a forwarder to Google, passing the traffic through the Fortinet; the traffic from the internal DNS to the internet has no UTM or certificate policy. Can you think of something?

luca1994

Good morning,

Were you able to solve the problem?

Thanks in advance for the feedback