FortiProxy
ssriswadpong
Staff
Article Id 347017
Description This article describes why FortiProxy sends AAAA DNS queries. In some environments IPv6 is not in use, so the AAAA DNS query is unexpected and causes HTTP error code 504.
Scope FortiProxy.
Solution

FortiProxy sends AAAA DNS queries to the DNS server when an IPv6 destination address or an IPv6 Internet Service Database (ISDB) entry is configured in a policy.

 

config firewall policy
    edit <policy ID>
        set dstaddr6 <address name>    <------
            or
        set internet-service6-name <ISDB name>    <------
    next
end


 

If the IPv6 address is in a policy, FortiProxy may send both A and AAAA DNS queries to the DNS server.

In some cases, if the response to the AAAA query arrives before the response to the A query, and that response is a Server failure for the AAAA record or the name is unresolvable, FortiProxy returns HTTP 504 to the user. In this case, the IPv6 address must be removed from the policies.
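
To locate the policies that carry the settings shown above, the following added example (not part of the original article and not Fortinet code) scans saved CLI configuration text for `dstaddr6` and `internet-service6-name` inside `config firewall policy`. It assumes `show`-style output; the function name, the sample configuration and the ISDB name in it are constructed for illustration.

```python
import shlex

# Policy settings the article names as triggers for AAAA DNS queries.
IPV6_KEYS = ("dstaddr6", "internet-service6-name")

# Constructed sample of "show"-style configuration text (names are placeholders).
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set dstaddr "all"
        set dstaddr6 "all"
    next
    edit 2
        set dstaddr "all"
    next
    edit 3
        set internet-service6-name "EXAMPLE-ISDB6-NAME"
    next
end
'''

def find_ipv6_policies(config_text):
    """Return {policy_id: {setting: [values]}} for policies with IPv6 destinations."""
    hits = {}
    stack = []        # open "config" blocks, innermost last
    policy_id = None  # "edit" entry currently open in "config firewall policy"
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:      # unbalanced quote: fall back to plain splitting
            tokens = raw.split()
        if not tokens:
            continue
        in_policy = bool(stack) and stack[-1] == "firewall policy"
        if tokens[0] == "config":
            stack.append(" ".join(tokens[1:]))
        elif tokens[0] == "end" and stack:
            stack.pop()
        elif tokens[0] == "edit" and in_policy and len(tokens) > 1:
            policy_id = tokens[1]
        elif tokens[0] == "next" and in_policy:
            policy_id = None
        elif (tokens[0] == "set" and in_policy and policy_id is not None
              and len(tokens) > 2 and tokens[1] in IPV6_KEYS):
            hits.setdefault(policy_id, {})[tokens[1]] = tokens[2:]
    return hits

if __name__ == "__main__":
    for pid, settings in find_ipv6_policies(SAMPLE_CONFIG).items():
        print(f"policy {pid}: {settings}")
```

Policies returned by the function are the ones to review when AAAA queries and HTTP 504 errors appear in an IPv4-only environment.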