smaruvala
Staff
Article Id 363974
Description This article explains how the FortiGate handles the DNS Dynamic update packet in proxy mode. This type of DNS packet is generated when a user executes the command 'ipconfig /registerdns'.
Scope FortiGate.
Solution
  • On Windows machines, the user can execute the command 'ipconfig /registerdns' to update the DNS records in the DNS server.
  • These DNS request packets have an Opcode of 5, which identifies them as DNS Dynamic update packets. Below is a screenshot of the sample output.

[Screenshot: dynamicupdate.png]

  • When the FortiGate receives these packets, it checks its cache first before forwarding the packet to the server.
  • If FortiGate finds the information in its cache, it responds without forwarding the DNS request to the server. The response is a complete packet, but it contains incorrect information because it is a cached response.
  • This also defeats the purpose of the DNS Dynamic update packet, which is to inform the DNS server to update its records.
  • There is no command in the FortiGate to display the cached information that the FortiGate responds with.
  • The 'dnsproxyd' application debug shows the output below, which indicates that FortiGate is sending the cached response instead of forwarding the packets to the server.

 

2024-11-21 07:02:18 [worker 0] udp_receive_redirect()-3276
2024-11-21 07:02:18 [worker 0] udp_receive_redirect()-3328: vd=0, vrf=0, intf=11, len=104, alen=16, 10.10.22.29:61228=>10.10.3.51
2024-11-21 07:02:18 [worker 0] handle_dns_request()-2489: vfid=0 real_vfid=0 id=0xc71e pktlen=104 qr=0 req_type=2
2024-11-21 07:02:18 [worker 0] dns_parse_message()-603
2024-11-21 07:02:18 [worker 0] dns_policy_find_by_idx()-2924: vfid=0 idx=1
2024-11-21 07:02:18 [worker 0] dns_secure_log_request()-1123: id:0xc71e pktlen=104 profile=Block-Security-Risk ifindex=11
2024-11-21 07:02:18 [worker 0] dns_secure_log_request()-1179: write to log: qname=xxxxxxxxxx qtype=6
2024-11-21 07:02:18 [worker 0] dns_profile_do_url_rating()-1992: vfid=0 profile=Block-Security-Risk category=255 domain=xxxxxxxxx
2024-11-21 07:02:18 [worker 0] botnet_domain_search()-2291: domain=xxxxxxxxxxx passed botnet check
2024-11-21 07:02:18 [worker 0] dns_profile_do_url_rating()-2088: request filter result for xxxxxxxxxxx (type=0 action=9)
2024-11-21 07:02:18 [worker 0] dns_send_cached_response()-1747: domain=xxxxxxxx
2024-11-21 07:02:18 [worker 0] dns_query_save_response()-2724: domain=xxxxxxxxx pktlen=101
2024-11-21 07:02:18 [worker 0] dns_adjust_ttl_values()-142
2024-11-21 07:02:18 [worker 0] dns_adjust_ttl_values()-145: Offset of 1st RR: 29
2024-11-21 07:02:18 [worker 0] dns_adjust_ttl_values()-147: Number of RR's: 4
2024-11-21 07:02:18 [worker 0] dns_adjust_ttl_values()-158: New ttl: 0
2024-11-21 07:02:18 [worker 0] dns_adjust_ttl_values()-158: New ttl: 0
2024-11-21 07:02:18 [worker 0] dns_adjust_ttl_values()-158: New ttl: 0
2024-11-21 07:02:18 [worker 0] dns_adjust_ttl_values()-158: New ttl: 1105
2024-11-21 07:02:18 [worker 0] dns_forward_response()-1720

 

This issue has been resolved in v7.4.8 and v7.6.3.
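
To confirm from a packet capture which requests are Dynamic update packets (Opcode 5) as described above, the following added example (not part of the original article and not Fortinet code) parses the DNS header and the first section entry. The sample packets, the example.test names, the IDs and the 'must_forward' field are constructed for illustration; the Opcode bit position follows RFC 1035 and the UPDATE section names follow RFC 2136.

```python
import struct

OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Read an uncompressed name at off; return (name, offset after it)."""
    labels = []
    while msg[off] != 0:
        n = msg[off]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in first section")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def classify(msg):
    """Parse the 12-byte DNS header and the first question/zone entry."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, c1, c2, c3, c4 = struct.unpack("!6H", msg[:12])
    opcode = (flags >> 11) & 0xF  # Opcode is bits 11-14 of the flags word
    info = {"id": ident, "qr": flags >> 15, "opcode": opcode,
            "opcode_name": OPCODES.get(opcode, "UNKNOWN"),
            "must_forward": opcode == 5}  # an UPDATE changes server state; a cached answer is never valid
    if opcode == 5:  # RFC 2136 renames the four count fields
        info["counts"] = {"zone": c1, "prereq": c2, "update": c3, "additional": c4}
    if c1:
        info["name"], off = read_name(msg, 12)
        info["type"], info["class"] = struct.unpack("!2H", msg[off:off + 4])
    return info

def sample_update():
    """Constructed UPDATE: zone example.test, add host.example.test A 192.0.2.10."""
    header = struct.pack("!6H", 0x1234, 5 << 11, 1, 0, 1, 0)
    zone = encode_name("example.test") + struct.pack("!2H", 6, 1)  # zone entry: type SOA (6), class IN
    rr = encode_name("host.example.test") + struct.pack("!2HIH", 1, 1, 1200, 4) + bytes([192, 0, 2, 10])
    return header + zone + rr

def sample_query():
    """Constructed standard query for host.example.test A."""
    return (struct.pack("!6H", 0x1235, 0x0100, 1, 0, 0, 0)
            + encode_name("host.example.test") + struct.pack("!2H", 1, 1))

if __name__ == "__main__":
    print(classify(sample_update()), classify(sample_query()), sep="\n")
```

To use it on real traffic, pass the UDP payload of each DNS request to classify(); a request with 'must_forward' set that receives a reply while no matching packet leaves toward the DNS server matches the behaviour described in this article.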