FortiGate
MichaelTorres
Article Id 398234
Description

This article describes a behavior where users cannot ping any domain name from the FortiGate, and FortiGuard communication does not work for upgrades or rating lookups.

Scope

FortiGate with DNS server configuration.
Solution

In some cases, users are unable to connect to FortiGuard from the FortiGate.

On the FortiGate, it is not possible to ping google.com, but pinging 8.8.8.8 works. IP connectivity is therefore fine; only name resolution is failing.

 

Run the following DNS debug commands:

 

diagnose debug application dnsproxy -1

diagnose debug enable

 

In the debugs, the following error will be visible:

 

[worker 0] dns_server_setup()-431: ip=96.45.46.46 encrypt=none rating=0
[worker 0] vdom_info_reinstall_ftgd_settings()-1029
[worker 0] load_vd_dns_server()-2157
[worker 0] create_udp_handle()-3637: ipv4 port: 7900
[worker 0] create_udp_handle()-3707: Can't bind socket: Address already in use in vd--1

d[worker 0] dns_policy_load_vd()-2948: vdom=root
[worker 0] dns_profile_load_vd()-2542: vfid=0
[worker 0] dns_url_table_load_vd()-2705: vfid=0
[worker 0] vdom_info_reinstall_dns_settings()-804: vdinfo=root
 
The relevant line is 'Can't bind socket: Address already in use': the dnsproxy worker cannot bind its UDP listening port, so DNS queries from the FortiGate never get sent. Restarting the dnsproxy daemon does not resolve the issue.

 

Solution:

 

Increase the DNSProxy engine count:

 

config system global
    set dnsproxy-worker-count 2
end

 

After applying this configuration, verify that pinging google.com from the FortiGate and the FortiGuard services (upgrades and rating) work again.
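As an added example that is not part of the article, a small Python parser for the dnsproxy debug output shown above: it pairs each create_udp_handle() bind error with the UDP port that worker announced just before it, and maps the 'Address already in use' case to the remediation in this article. The sample debug lines are constructed from those shown above; the function names and data class are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the dnsproxy debug lines from the article as pasted
# from the console (the leading "d" on one line is an echoed keystroke).
SAMPLE_DEBUG = """\
[worker 0] dns_server_setup()-431: ip=96.45.46.46 encrypt=none rating=0
[worker 0] create_udp_handle()-3637: ipv4 port: 7900
[worker 0] create_udp_handle()-3707: Can't bind socket: Address already in use in vd--1
d[worker 0] dns_policy_load_vd()-2948: vdom=root
"""

# Debug line shape: "[worker N] function()-LINE: message"
LINE_RE = re.compile(r"\[worker (?P<worker>\d+)\] (?P<func>\w+)\(\)-\d+:?\s*(?P<msg>.*)")
PORT_RE = re.compile(r"ipv[46] port: (?P<port>\d+)")
BIND_ERR_RE = re.compile(r"Can't bind socket: (?P<reason>.+?)(?: in vd.*)?$")

@dataclass
class BindFailure:
    worker: int
    port: Optional[int]  # UDP port announced by create_udp_handle() just before the error
    reason: str          # OS error text, e.g. "Address already in use"

def find_bind_failures(debug_text: str) -> List[BindFailure]:
    """Pair each create_udp_handle() bind error with the port logged before it."""
    pending_port: Dict[int, int] = {}
    failures: List[BindFailure] = []
    for raw in debug_text.splitlines():
        m = LINE_RE.search(raw)  # search, not match: tolerates echoed keystrokes
        if not m or m["func"] != "create_udp_handle":
            continue
        worker = int(m["worker"])
        port = PORT_RE.search(m["msg"])
        if port:
            pending_port[worker] = int(port["port"])
            continue
        err = BIND_ERR_RE.search(m["msg"])
        if err:
            failures.append(BindFailure(worker, pending_port.get(worker), err["reason"]))
    return failures

def recommended_fix(failures: List[BindFailure]) -> Optional[str]:
    """Return the article's remediation when the bind error is a port conflict."""
    if any(f.reason == "Address already in use" for f in failures):
        return "config system global\n    set dnsproxy-worker-count 2\nend"
    return None
```

Run find_bind_failures() over a pasted 'diagnose debug application dnsproxy -1' capture and feed the result to recommended_fix(); a None result means the capture shows no port-conflict bind failure and a different cause should be looked for.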