Technical Tip: How to allow access to 'google.com' portal when safe-search option is enabled on DNS filter profile

ojacinto · ‎10-23-2024

Description

This article describes that users are not able to access to google.com portal when the option SafeSearch is enabled on the DNS filter profile. The following procedure can be done to fix the problem.

Scope

FortiGate v6.4.0+, v7.0.0+ and v7.2.0+.

Solution

After the DNS filter and safe search are configured according to the following documentation:
Configuring a DNS filter profile

Users are not able to access google.com portals. The error 'ERR_NAME_NOT_RESOLVED' is shown on the browser:

ScreenHunter_243 Oct. 23 15.10.jpg

On the CMD windows machine the DNS resolution for that portal is not working:

ScreenHunter_244 Oct. 23 15.13.jpg

This error is solved by disabling/removing the DNS-database entries for Google portals:

config system dns-database
edit "Google"
set domain "google.com" < ---
config dns-entry
edit 1
set hostname "www"
set ip 216.239.38.120 < ---
next
end
next
edit "GooglePE"
set domain "google.com.pe" <----
config dns-entry
edit 1
set hostname "www"
set ip 216.239.38.120 <----
next
end

FortiGate-100F (dns-database) #

The above entries are redirecting to Google domain to the forcesafesearch.google.com IP.

Solution:

config system dns-database
edit "Google"
set status disable < ---
next
edit "GooglePE"
set status disable <----
end

After this change, DNS resolution on the PC starts working and it redirects to forcesafesearch.google.com:

ScreenHunter_246 Oct. 23 15.24.jpg

ScreenHunter_245 Oct. 23 15.22.jpg