Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
amuda
Staff
Staff

Created on ‎08-28-2024 02:07 AM Edited on ‎07-11-2025 07:23 AM By Moderator

Article Id 336985

Troubleshooting Tip: Failed to resolve an IP if the DNS profile is enabled in the DNS Server configuration

Description This article describes what to look for when FQDN fails to resolve an IP if the DNS profile is enabled in the DNS Server configuration.
Scope FortiGate, DNS.
Solution

When trying to do nslookup on FQDN that exists in DNS Server DB, the request timed out.

 

nslookup failed.jpg

 

The issue was identified to be related to SDNS reachability by running a dnsproxy debug:

 

diagnose debug application dnsproxy -1

diagnose debug enable

 

failed.jpg

 

Check upstream if this IP address (173.243.140.53; used for DNS rating) is blocked.

It is possible to use the following command to check the SDNS connection status of all servers:

 

diagnose debug rating

 

For more details on how to interpret the results of this command, refer to the following article:
Technical Tip: FortiGuard Flags and Meanings 

As a workaround, it is possible to disable the DNS profile in the DNS Server configuration.

 

delete dns-profile.jpg

 

It can resolve FQDN to an IP address post changes.

 

nslookup success.jpg
525
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.