Description
This article how to use DDNS service and how to enable FortiGuard DDN Servers when the following error message is appearing from GUI:
Solution
1) If there is PPPoE or DHCP connection on WAN port, make sure overriding internal DNS is disabled:
- From GUI, go to Network -> Interfaces, edit WAN and unselect Override internal DNS.
- From CLI/SSH:
# config system interface
edit wan1
set dns-server-override disable
end
2) Manually configure DDNS server via CLI/SSH:
# config system fortiguard
set ddns-server-ip 173.243.138.225
end
3) Change the protocol to UDP and disable FortiGuard anycast (For version 6.4.2).
# config system fortiguard
set fortiguard-anycast disable
set protocol udp
end
4) If an issue is found in FortiOS 7.0 with FortiDDNS please make the changes below:
# config system fortiguard
set fortiguard-anycast enable
set ddns-server-ip 173.243.138.225
end
This is due to handshake failure for TLSv1.3 and will be resolved if the above changes are done.
Additional context information
- About DDNS default service:
Currently, there are two FQDNs for DDNS service.
- When anycast is disabled, FQDN 'ddns.fortinet.net' (resolved to 173.243.138.226) will be used. When anycast is enabled, FQDN 'globalddns.fortinet.net' (resolved to 173.243.138.225) will be used.
Related Articles:
Technical Tip: How to update IP address with FortiGuard DDNS service and upstream router
Troubleshooting Tip: FortiGuard DDNS IP update fails
