FortiGate
Article Id 198910
Description

This article describes why, when the public Fortinet DNS servers 208.91.112.52 and 208.91.112.53 are used for domain name resolution, queries for domain names hosted on authoritative DNS servers that are not compliant with RFC 6891, EDNS(0) (https://datatracker.ietf.org/doc/html/rfc6891), return FORMERR or SERVFAIL, or time out.

Some public DNS servers, such as the Google DNS server 8.8.8.8 or the Cloudflare DNS server, use a workaround to resolve domain names hosted on authoritative DNS servers that are not RFC 6891 compliant.

DNS resolution example with the public Fortinet DNS server and the Google DNS server:

Fortinet (not resolved):

# dig <DomainNameNotCompliantwithRFC6891> @208.91.112.52

<Truncated>

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49963
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

<Truncated>

Google (resolved):

# dig <DomainNameNotCompliantwithRFC6891> @8.8.8.8

<Truncated>

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14604
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

<Truncated>

;; ANSWER SECTION:
<DomainNameNotCompliantwithRFC6891>               3600    IN      A       @IP

<Truncated>

PS: To check whether the authoritative DNS server for a domain name is RFC 6891 compliant, use the test at https://dnsflagday.net/2020/#action-authoritative-dns-operators

Scope
FortiGate public DNS server.

Solution
Update the DNS software on authoritative DNS servers that are not RFC 6891 compliant.
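As an added example (not part of the Fortinet article and not Fortinet code), the RFC 6891 check the PS refers to, done by hand with the Python standard library: build the same A query with and without an EDNS(0) OPT record, parse what the authoritative server sends back, and classify the pair. The replies at the bottom are constructed to mirror the two dig outputs above; example.com and 192.0.2.1 are placeholder values.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
OPT = 41  # RR type of the EDNS(0) OPT pseudo-record defined by RFC 6891

def encode_name(name):  # wire format: length-prefixed labels terminated by a zero byte
    return b"".join(bytes([len(lb)]) + lb.encode() for lb in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qid, edns=True, udp_size=1232):
    """A/IN query with RD set; edns=True appends an OPT record to the additional section."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack(">HH", 1, 1)
    # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size, TTL carries flags, RDLEN=0
    opt = b"\x00" + struct.pack(">HHIH", OPT, udp_size, 0, 0) if edns else b""
    return header + question + opt

def skip_name(buf, off):  # offset just past a (possibly compressed) wire-format name
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, and the name ends there
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def parse_response(buf):
    """Summarise a reply: rcode, answer count, and whether the server echoed an OPT record."""
    qid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", buf[:12])
    off, has_opt = 12, False
    for _ in range(qd):
        off = skip_name(buf, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(buf, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", buf[off:off + 10])
        has_opt |= rtype == OPT
        off += 10 + rdlen
    return {"id": qid, "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "answers": an, "edns_echoed": has_opt}

def diagnose(reply_edns, reply_plain):  # parse_response() results for one name, with and without OPT
    if reply_edns is None or reply_edns["rcode"] in ("FORMERR", "SERVFAIL", "NOTIMP"):
        # only the EDNS query fails or times out: a resolver that does not retry without OPT reports SERVFAIL
        return "non-compliant" if reply_plain and reply_plain["rcode"] == "NOERROR" else "unreachable"
    return "compliant" if reply_edns["edns_echoed"] else "edns-ignored"

# Constructed sample replies (not captured from real servers) mirroring the two dig outputs above.
QUESTION = encode_name("example.com") + struct.pack(">HH", 1, 1)
REPLY_OK = (struct.pack(">HHHHHH", 14604, 0x8180, 1, 1, 0, 1) + QUESTION + b"\xc0\x0c"
            + struct.pack(">HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])  # one A answer (placeholder IP)
            + b"\x00" + struct.pack(">HHIH", OPT, 1232, 0, 0))  # OPT echoed in ADDITIONAL
REPLY_FORMERR = struct.pack(">HHHHHH", 49963, 0x8001, 1, 0, 0, 0) + QUESTION  # FORMERR, no OPT
```

For a live check, send build_query() over UDP to port 53 of the authoritative server twice, once with edns=True and once with edns=False, and pass the two parse_response() results (None for a timeout) to diagnose().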