FortiGate
acardona
Staff
Article Id 399873

 

Description

This article describes how to determine whether the FortiGate is modifying DNS resolution. The symptom is that a connection to a local server by name fails, while the same connection by IP address works. This can be caused by mDNS (Bonjour) resolution on the client rather than by the firewall.

Scope

FortiGate, FortiAP.
Solution

The connection to the SMB server using the FQDN fails, but the connection to its IP address works. To rule out the FortiGate changing the DNS resolution, follow these steps:

  1. Use the FortiOS built-in packet sniffer (see Troubleshooting Tip: Using the FortiOS built-in packet sniffer for capturing packets) to capture the DNS traffic for the name and verify the response the DNS server sends.
  2. If the DNS response the client receives differs from the DNS server response that reaches the FortiGate, the FortiGate could be modifying it.
  3. If the response received by the client matches the response from the DNS server, mDNS or a local cache on the client could be affecting the resolution instead.
  4. To check whether mDNS is affecting the resolution, run the following checks in a macOS Terminal. Note that names ending in .local are reserved for mDNS (RFC 6762); by default macOS resolves them by multicast on the local link rather than by asking the unicast DNS server.

 

dig example.local

nslookup example.local

 

dig and nslookup query the configured DNS server directly and bypass the system resolver. If both commands resolve the name correctly and return the same IP address that the sniffer shows the DNS server sending, the FortiGate is not altering the answer and mDNS is the likely cause.

 

Next, ping the domain. ping goes through the system resolver; if it resolves the name to a different (wrong) IP address, macOS is overriding the DNS answer. Check the following:

 

cat /etc/hosts                   <----- Check for a static entry for the domain.

sudo dscacheutil -flushcache     <----- Clear the DNS cache.
sudo killall -HUP mDNSResponder  <----- Make mDNSResponder drop its cache as well.

 

The /etc/hosts file should contain no entry for that domain. If there is none, run the following command, which forces macOS to send an mDNS (Bonjour) query for the name:

 

dns-sd -G v4 example.local       <----- Keeps listening for answers; stop it with Ctrl+C.

 

If this command returns the same IP address that ping resolved, macOS is using the mDNS answer instead of the DNS answer. If the FortiGate is the controller of the FortiAP, follow the cookbook configuration below to isolate mDNS traffic. Use a Wireshark capture, filtering on UDP port 5353 (multicast 224.0.0.251 or ff02::fb), to identify the device that is answering these mDNS queries.
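The checks above can be combined into one script run on the macOS client. This is an added example and not part of the Fortinet article: it gathers the dig, ping, dns-sd and /etc/hosts results for a name, and classify_resolution compares them with the answer read off the FortiGate sniffer (which must be pasted in by hand) to say which side is diverging. The script name, the function names and the category labels are assumptions made for this example; the live helpers rely on macOS tool output formats.

```shell
#!/bin/sh
# Added example, not from the Fortinet article. Usage on a macOS client:
#   sh dnscheck.sh example.local [ip-seen-in-fortigate-sniffer]
# The FortiGate side is read by hand from the sniffer, e.g. (on the FortiGate, not run here):
#   diagnose sniffer packet any 'udp port 53' 4 0 l

# Decide which resolution path is diverging. Arguments (empty string if a path gave nothing):
#   $1 answer the DNS server sent, as seen in the FortiGate sniffer
#   $2 answer from dig (unicast DNS only, bypasses the system resolver)
#   $3 answer the OS stack used (from ping)
#   $4 answer from dns-sd -G v4 (mDNS/Bonjour)
#   $5 "yes" if /etc/hosts has an entry for the name, else "no"
classify_resolution() {
  sniffer_ip=$1; dig_ip=$2; ping_ip=$3; mdns_ip=$4; hosts_override=$5
  if [ -n "$sniffer_ip" ] && [ -n "$dig_ip" ] && [ "$sniffer_ip" != "$dig_ip" ]; then
    echo "fortigate-rewrite"       # server reply differs from what the client received
  elif [ "$hosts_override" = "yes" ]; then
    echo "hosts-override"          # static /etc/hosts entry wins over DNS
  elif [ -n "$ping_ip" ] && [ "$ping_ip" != "$dig_ip" ] && [ "$ping_ip" = "$mdns_ip" ]; then
    echo "mdns-override"           # OS used the Bonjour answer instead of unicast DNS
  elif [ -n "$ping_ip" ] && [ "$ping_ip" != "$dig_ip" ]; then
    echo "local-cache-or-other"    # resolver differs from DNS but mDNS does not explain it
  else
    echo "consistent"              # every path agrees; DNS is not the problem
  fi
}

# --- live helpers (macOS specific; only used when a name is passed on the command line) ---

# First A record from unicast DNS.
dig_answer() { dig +short "$1" A 2>/dev/null | grep -E '^[0-9.]+$' | head -n 1; }

# Address the system resolver handed to ping: "PING name (1.2.3.4): 56 data bytes".
ping_answer() { ping -c 1 -t 2 "$1" 2>/dev/null | sed -n 's/^PING [^ ]* (\([0-9.]*\)).*/\1/p' | head -n 1; }

# dns-sd never exits on its own, so run it for two seconds and take the first "Add" row.
mdns_answer() {
  out=$(dns-sd -G v4 "$1" 2>/dev/null & pid=$!; sleep 2; kill "$pid" 2>/dev/null)
  printf '%s\n' "$out" | awk '$2 == "Add" { print $6; exit }'
}

# "yes" if an uncommented /etc/hosts line maps the name.
hosts_override() {
  if grep -Eq "^[^#]*[[:space:]]$1([[:space:]]|\$)" /etc/hosts 2>/dev/null; then echo yes; else echo no; fi
}

if [ $# -gt 0 ]; then
  name=$1
  d=$(dig_answer "$name"); p=$(ping_answer "$name"); m=$(mdns_answer "$name"); h=$(hosts_override "$name")
  echo "dig=$d ping=$p mdns=$m hosts_entry=$h sniffer=${2:-unknown}"
  classify_resolution "${2:-}" "$d" "$p" "$m" "$h"
fi
```

A result of mdns-override points at a Bonjour responder on the LAN rather than at the FortiGate; fortigate-rewrite means the answer changed between the server and the client and the firewall path needs a closer look.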

 

Related document:

Support Isolation mdns traffic. 
