Description
This article describes which special characters are valid in a domain name when configuring domains on FortiGate.
Scope
FortiGate all versions
Solution
Users may face issues getting FortiDDNS domains registered.
The configuration is the same for the following FortiGate versions:
FortiGate 5.6, 6.0, 6.4, 7.0
The following characters are valid when defining a domain and registering it on the FortiGuard DDNS servers:
“.” and “-”. Any other characters, such as “>”, “<”, “_” and “:”, are not considered valid, and as a result the domain does not get registered.
Characters that would work
Notice here that only “.” and “-” are considered valid special characters in a domain.
Other characters are not considered valid and will always produce an error.
The domain may sometimes be shown as available, but the update always fails in the debug output. Below are examples of a working and a non-working setup.
Working setup
# dia debug application ddnscd -1
# dia deb en
# execute update-now
1636894422: Start to update FortiGuardDDNS (MBZUH.1208.fortiddns.com)
1636894422: next wait timeout 10 seconds
[111] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[111] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory_Backup.cer, root ca Fortinet_CA_Backup, idx 1
[721] ssl_ctx_create_new_ex: SSL CTX is created
[748] ssl_new: SSL object is created
fgt_ddns_connect()-725: SSL connecting
[621] __ssl_info_callback: before SSL initialization
[621] __ssl_info_callback: SSLv3/TLS write client hello
__ddns_ssl_connect()-651: ssl_res=1
[621] __ssl_info_callback: SSLv3/TLS write client hello
__ddns_ssl_connect()-651: ssl_res=1
[621] __ssl_info_callback: SSLv3/TLS read server hello
[621] __ssl_info_callback: SSLv3/TLS read server certificate
[645] __ssl_info_callback: Current cert idx 0, SSL verion 'TLS 1.2'
[656] __ssl_info_callback: Got server cert chain, num 3
[664] __ssl_info_callback: Server root issuer /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
[667] __ssl_info_callback: Client root issuer /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-ca2/emailAddress=support@fortinet.com
[596] __ssl_switch_cert: Update with next cert, idx 1
[621] __ssl_info_callback: SSLv3/TLS read server key exchange
[621] __ssl_info_callback: SSLv3/TLS read server certificate request
[621] __ssl_info_callback: SSLv3/TLS read server done
[621] __ssl_info_callback: SSLv3/TLS write client certificate
[621] __ssl_info_callback: SSLv3/TLS write client key exchange
[621] __ssl_info_callback: SSLv3/TLS write certificate verify
[621] __ssl_info_callback: SSLv3/TLS write change cipher spec
[621] __ssl_info_callback: SSLv3/TLS write finished
__ddns_ssl_connect()-651: ssl_res=1
[621] __ssl_info_callback: SSLv3/TLS write finished
[621] __ssl_info_callback: SSLv3/TLS read server session ticket
[621] __ssl_info_callback: SSLv3/TLS read change cipher spec
[621] __ssl_info_callback: SSLv3/TLS read finished
__ddns_ssl_connect()-651: ssl_res=0
fgd_ddns_fcp_exchange()-860: Sending FCPC=Protocol=3.4|SerialNumber=FGT60FTK21036992|Firmware=FGT60F-FW-6.02-1142|Command=DDNSUpdate|DomainName=MBZUH.1208.fortiddns.com|Address=Automatic
fgt_unpack_fcpr()-567: Unpacked obj: Protocol=3.4|SerialNumber=DDNS-ANY-VM-0102|ResponseStatus=1|Command=DDNSUpdate|DomainName=MBZUH.1208.fortiddns.com|Address=31.219.155.34
fgd_ddns_fcp_exchange()-891: Recvd FCPR=Protocol=3.4|SerialNumber=DDNS-ANY-VM-0102|ResponseStatus=1|Command=DDNSUpdate|DomainName=MBZUH.1208.fortiddns.com|Address=31.219.155.34
[201] __ssl_data_ctx_free: Done
[1012] ssl_free: Done
[193] __ssl_cert_ctx_free: Done
[1022] ssl_ctx_free: Done
[1003] ssl_disconnect: Shutdown
fgd_ddns_extract_fcpr_rcode()-416: code=1
fgd_ddns_extract_fcpr_bound_ip()-446: Bound ip=31.219.155.34
1636894423: Succeed to update FortiGuardDDNS (MBZUH.1208.fortiddns.com ==> 31.219.155.34)
Non-Working Setup
1636893652: Start to update FortiGuardDDNS (MBZUH_1208.fortiddns.com)
1636893652: next wait timeout 10 seconds
[111] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[111] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory_Backup.cer, root ca Fortinet_CA_Backup, idx 1
[721] ssl_ctx_create_new_ex: SSL CTX is created
[748] ssl_new: SSL object is created
fgt_ddns_connect()-725: SSL connecting
[621] __ssl_info_callback: before SSL initialization
[621] __ssl_info_callback: SSLv3/TLS write client hello
__ddns_ssl_connect()-651: ssl_res=1
[621] __ssl_info_callback: SSLv3/TLS write client hello
__ddns_ssl_connect()-651: ssl_res=1
[621] __ssl_info_callback: SSLv3/TLS read server hello
[621] __ssl_info_callback: SSLv3/TLS read server certificate
[645] __ssl_info_callback: Current cert idx 0, SSL verion 'TLS 1.2'
[656] __ssl_info_callback: Got server cert chain, num 3
[664] __ssl_info_callback: Server root issuer /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
[667] __ssl_info_callback: Client root issuer /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=fortinet-ca2/emailAddress=support@fortinet.com
[596] __ssl_switch_cert: Update with next cert, idx 1
[621] __ssl_info_callback: SSLv3/TLS read server key exchange
[621] __ssl_info_callback: SSLv3/TLS read server certificate request
[621] __ssl_info_callback: SSLv3/TLS read server done
[621] __ssl_info_callback: SSLv3/TLS write client certificate
[621] __ssl_info_callback: SSLv3/TLS write client key exchange
[621] __ssl_info_callback: SSLv3/TLS write certificate verify
[621] __ssl_info_callback: SSLv3/TLS write change cipher spec
[621] __ssl_info_callback: SSLv3/TLS write finished
__ddns_ssl_connect()-651: ssl_res=1
[621] __ssl_info_callback: SSLv3/TLS write finished
[621] __ssl_info_callback: SSLv3/TLS read server session ticket
[621] __ssl_info_callback: SSLv3/TLS read change cipher spec
[621] __ssl_info_callback: SSLv3/TLS read finished
__ddns_ssl_connect()-651: ssl_res=0
fgd_ddns_fcp_exchange()-860: Sending FCPC=Protocol=3.4|SerialNumber=FGT60FTK21036992|Firmware=FGT60F-FW-6.02-1142|Command=DDNSUpdate|DomainName=MBZUH_1208.fortiddns.com|Address=Automatic
fgt_unpack_fcpr()-567: Unpacked obj: Protocol=3.4|SerialNumber=DDNS-ANY-VM-0102|ResponseStatus=-3|Command=DDNSUpdate|DomainName=MBZUH_1208.fortiddns.com|Address=31.219.155.34
fgd_ddns_fcp_exchange()-891: Recvd FCPR=Protocol=3.4|SerialNumber=DDNS-ANY-VM-0102|ResponseStatus=-3|Command=DDNSUpdate|DomainName=MBZUH_1208.fortiddns.com|Address=31.219.155.34
[201] __ssl_data_ctx_free: Done
[1012] ssl_free: Done
[193] __ssl_cert_ctx_free: Done
[1022] ssl_ctx_free: Done
[1003] ssl_disconnect: Shutdown
fgd_ddns_extract_fcpr_rcode()-416: code=-3
1636893654: Failed on update FortiGuardDDNS (MBZUH_1208.fortiddns.com), next try at 1636893714
Notice the error in the debug output (ResponseStatus=-3 and code=-3, followed by the “Failed on update FortiGuardDDNS” line). Changing the special characters to “.” or “-” will resolve the issue.
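As an added example (not part of the original article and not Fortinet tooling), the Python code below parses the "Recvd FCPR" reply lines from a saved ddnscd debug capture and reports, for each update, the response status and any characters in the domain name outside the accepted set. The function names are hypothetical, and treating letters and digits as valid is an assumption based on the working example above.

```python
import re

# The article reports "." and "-" as the only accepted special characters.
# Letters and digits are assumed valid: the working name MBZUH.1208 uses them.
ALLOWED = re.compile(r"[A-Za-z0-9.-]")
FCP_RE = re.compile(r"\b(FCPC|FCPR)=(.*)$")

# The two "Recvd FCPR" lines copied from the debug captures on this page.
SAMPLE_DEBUG = """\
fgd_ddns_fcp_exchange()-891: Recvd FCPR=Protocol=3.4|SerialNumber=DDNS-ANY-VM-0102|ResponseStatus=1|Command=DDNSUpdate|DomainName=MBZUH.1208.fortiddns.com|Address=31.219.155.34
fgd_ddns_fcp_exchange()-891: Recvd FCPR=Protocol=3.4|SerialNumber=DDNS-ANY-VM-0102|ResponseStatus=-3|Command=DDNSUpdate|DomainName=MBZUH_1208.fortiddns.com|Address=31.219.155.34
"""

def parse_fcp(line):
    """Return (kind, fields) for an FCPC/FCPR debug line, else None."""
    m = FCP_RE.search(line.strip())
    if not m:
        return None
    fields = {}
    for pair in m.group(2).split("|"):
        key, sep, value = pair.partition("=")
        if sep:  # ignore fragments that are not key=value
            fields[key] = value
    return m.group(1), fields

def invalid_chars(domain):
    """Characters in the name that fall outside the accepted set."""
    return sorted({c for c in domain if not ALLOWED.fullmatch(c)})

def audit(debug_text):
    """Summarise each server reply: domain, status, offending characters."""
    results = []
    for line in debug_text.splitlines():
        parsed = parse_fcp(line)
        if not parsed or parsed[0] != "FCPR":
            continue
        fields = parsed[1]
        domain = fields.get("DomainName", "")
        status = int(fields.get("ResponseStatus", "0"))
        results.append({
            "domain": domain, "status": status,
            "registered": status == 1,  # 1 is the value seen on the successful update
            "invalid_chars": invalid_chars(domain),
        })
    return results

if __name__ == "__main__":
    for r in audit(SAMPLE_DEBUG):
        print(r)
```

A reply with a non-empty invalid_chars list and a status other than 1 matches the failure case shown in the non-working capture.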