Description | This article describes what to check when an FQDN fails to resolve to an IP address while the DNS profile is enabled in the DNS Server configuration. |
Scope | FortiGate, DNS. |
Solution |
When running nslookup for an FQDN that exists in the DNS Server database, the request times out.
The issue was identified to be related to SDNS reachability by running a dnsproxy debug:
diagnose debug application dnsproxy -1
diagnose debug enable
Check whether this IP address (173.243.140.53; used for DNS rating) is blocked upstream.
As a workaround, it is possible to disable the DNS profile in the DNS Server configuration.
After this change, the FQDN resolves to an IP address.
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.