FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
This article describes how to troubleshoot issues with resolving the internal FQDN when IPv6 is enabled on the Endpoint NIC.
Scope
All Windows versions of FortiClient.
Solution
When IPv6 is enabled, A and AAAA DNS requests are sent simultaneously.
If the AAAA returns 'No such name' first, it means that the DNS request considers this domain to have no IP and the issue will be experienced.
If A returns first with a valid IPv4 address, there is no issue.
When IPv6 is disabled, only an A request will be sent and receive a valid IPv4, meaning no issue will be observed.
To resolve this issue, take one of the following actions:
Disable ParallelAandAAA capability:
In Registry Editor, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters.
Set 'DisableParallelAandAAAA'=dword:00000001.
Enable SMHNR:
In Local Group Policy Editor, go to Computer Configuration -> Administrative Templates -> Network -> DNS Client -> Turn off smart multi-homed name resolution.
Select policy setting.
Set it to Disabled, then select OK.
In Registry Editor, go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient.
Set 'DisableSmartNameResolution'=dword:00000000.
If issues still persist, contact Fortinet Support.
