Muhammad_Haiqal
Article Id 197982

Description

In some cases, the network appears not to work because the DNS server is down or only intermittently available. The DNS server is needed to resolve domain names/URLs to IP addresses; if the DNS server cannot resolve a name, that domain will not be reachable.

This article assists with DNS troubleshooting.

Scope

FortiGate.

Solution

Troubleshooting.

There are 3 scenarios for DNS issues in the network:

  1. FortiGate is the DNS server: The PC is using a FortiGate interface as its DNS server.
  2. The PC is using a local DNS server: The PC is directly using a local DNS server in the network.
  3. The PC is using a public DNS server: The PC is directly using a public DNS server such as 8.8.8.8 or 1.1.1.1.

This troubleshooting guide focuses on Windows machines.
Open the command prompt and run the following:

 

ping 8.8.8.8
ping www.google.com
ping xxx.xxx.xx.xx <- Any domain which is not working.

Pinging 8.8.8.8 verifies internet connectivity: if the PC can ping 8.8.8.8, internet connectivity is working as expected.
Pinging www.google.com verifies DNS resolution: if the PC can ping 8.8.8.8 but not www.google.com, DNS resolution is not working.

In general, Windows (or any machine) cannot resolve domains if any of the following conditions are true:
  • No Preferred/Alternate DNS Server is configured.
  • The DNS server is not reachable.
  • The DNS server did not respond to the DNS query.
  • The DNS server does not have the DNS record.

First, check the DNS configuration of the Windows network adapter.

In this example, the current adapter is using 8.8.8.8 as the Preferred DNS server.
8.8.8.8 is a public DNS server that resolves public domains/URLs.

This public DNS server cannot resolve local/internal URLs or domain names.

Example:

ping mywebserver.local.my
ping syarif-pc

Because these names are defined only on the internal network, a public DNS server such as 8.8.8.8 has no record for them.

However, 8.8.8.8 can resolve public domains such as www.google.com.

To check whether the internal DNS server is working, change the Preferred DNS server on the Windows machine to the internal DNS server and repeat the domain ping test.
If the internal DNS server does not respond to the request, investigate that DNS server.
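The checks above can be run in one pass from PowerShell. The script below is an added example and is not part of the Fortinet article: it performs the article's three tests in order (connectivity to 8.8.8.8, resolution of a public name, resolution of the failing name), then queries the internal DNS server directly instead of changing the adapter's Preferred DNS server, and maps each failure onto one of the four causes listed above. It requires the Windows DnsClient module (Windows 8 / Server 2012 or later). The host names and the internal DNS server address 192.0.2.53 are constructed placeholders, not values from the article.

```powershell
# Added example (not from the Fortinet article): run the article's DNS checks in order
# and classify a failure as one of the four causes it lists. Assumes the DnsClient
# module (Windows 8 / Server 2012 or later). All names/addresses are placeholders.
$PublicIp    = '8.8.8.8'               # known public IP: proves internet reachability
$PublicName  = 'www.google.com'        # public name: proves public DNS resolution works
$FailingName = 'mywebserver.local.my'  # internal name that is "not working"
$InternalDns = '192.0.2.53'            # assumed internal DNS server (RFC 5737 test range)

function Resolve-WithServer {
    # Query one name against one server and report OK / no response / no record.
    param([string]$Name, [string]$Server)
    try {
        $ans = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
        $ips = ($ans | Where-Object Type -eq 'A' | Select-Object -ExpandProperty IPAddress) -join ', '
        [pscustomobject]@{ Name = $Name; Server = $Server; Status = 'OK'; Detail = $ips }
    } catch {
        # Resolve-DnsName throws on both NXDOMAIN and timeout; the message tells them apart
        # (matching on message text is an assumption; adjust for localized Windows).
        $m = $_.Exception.Message
        $why = if ($m -match 'timeout|timed out') { 'DNS server did not respond (cause 3)' }
               elseif ($m -match 'does not exist') { 'DNS server has no record for this name (cause 4)' }
               else { $m }
        [pscustomobject]@{ Name = $Name; Server = $Server; Status = 'FAIL'; Detail = $why }
    }
}

# --- Step 1: which DNS servers is the adapter actually configured with? (cause 1)
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
              Where-Object { $_.ServerAddresses.Count -gt 0 }
if (-not $configured) {
    Write-Warning 'No Preferred/Alternate DNS server is configured on any adapter (cause 1).'
    return
}
$configured | Format-Table InterfaceAlias, ServerAddresses -AutoSize
$preferred = $configured[0].ServerAddresses[0]

# --- Step 2: raw internet connectivity, independent of DNS (article: ping 8.8.8.8)
$internetOk = Test-Connection -ComputerName $PublicIp -Count 2 -Quiet
Write-Host "Internet reachable via ${PublicIp}: $internetOk"

# --- Step 3: is the configured DNS server reachable at all? (cause 2)
# ICMP may be filtered even when UDP/53 works, so treat a failure here as a hint only.
$dnsReachable = Test-Connection -ComputerName $preferred -Count 2 -Quiet
Write-Host "Preferred DNS server $preferred answers ping: $dnsReachable"

# --- Step 4: resolve the public name and the failing name via the preferred server (causes 3 and 4)
Resolve-WithServer -Name $PublicName  -Server $preferred
Resolve-WithServer -Name $FailingName -Server $preferred

# --- Step 5: the article's "change the Preferred DNS server and ping again" test,
# done without touching adapter settings: ask the internal server directly.
Resolve-WithServer -Name $FailingName -Server $InternalDns
```

If step 4 fails for the public name as well as the internal one, the problem is the configured DNS server itself (cause 2 or 3); if only the internal name fails on the public server but succeeds in step 5, the Windows adapter simply needs the internal DNS server as its Preferred DNS server, which is the situation the article describes.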

When FortiGate is the DNS server (scenario 1), the following FortiGate CLI command shows DNS proxy debug information for the ongoing DNS connection:

diagnose test application dnsproxy 3

Run the following sniffer to capture DNS traffic (port 53) on all interfaces:

diagnose sniffer packet any " port 53 " 6 0 a

For further assistance, contact Fortinet support.

Conclusion.

DNS resolution depends on the records held by the DNS server in use.
If the DNS server has the record, it returns the information to the client.
 
The scenarios outlined in this article apply to Windows machines.