Description | This article describes why FortiProxy sends AAAA DNS queries. In environments where IPv6 is not in use, the DNS query for the AAAA record is unexpected and causes HTTP error code 504. |
Scope | FortiProxy. |
Solution |
FortiProxy sends AAAA DNS queries to the DNS server when an IPv6 address or an IPv6 ISDB entry is configured in policies.
config firewall policy
    edit <policy ID>
        or
        set internet-service6-name <ISDB name>    <------
    next
end
If an IPv6 address is in a policy, FortiProxy may send both A and AAAA DNS queries to the DNS server. In some cases, if the response to the AAAA query arrives before the response to the A query and is 'Server failure' or unresolvable, FortiProxy returns HTTP error 504 to the user. In this case, the IPv6 address must be removed from the policies. |
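To check from a workstation whether the DNS server fails AAAA lookups for a hostname that resolves over A, the following added Python example (not Fortinet code) sends both queries and compares the response codes. The labels returned by `classify`, its rule that any AAAA RCODE other than NOERROR or a timeout counts as failed, and the sample bytes are assumptions made for this example.

```python
import socket
import struct
import sys

QTYPE = {"A": 1, "AAAA": 28}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question recursive DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def parse_response(data):
    """Return (rcode name, answer count) from a DNS response header."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return RCODE.get(flags & 0xF, f"RCODE{flags & 0xF}"), ancount

def query(server, name, qtype, timeout=3.0):
    """Send one UDP query to server:53; a timeout counts as a failed lookup."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        try:
            return parse_response(s.recv(512))
        except socket.timeout:
            return ("TIMEOUT", 0)

def classify(a, aaaa):
    """Assumption: any AAAA rcode other than NOERROR, or a timeout, is 'failed'."""
    if not (a[0] == "NOERROR" and a[1] > 0):
        return "A_FAILS"
    return "AAAA_FAILS" if aaaa[0] != "NOERROR" else "OK"

# Constructed sample response headers (not captured traffic).
SAMPLE_A = bytes.fromhex("123481800001000100000000")     # NOERROR, 1 answer
SAMPLE_AAAA = bytes.fromhex("123481820001000000000000")  # SERVFAIL, 0 answers

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <dns-server-ip> <hostname>
        a, aaaa = (query(sys.argv[1], sys.argv[2], t) for t in ("A", "AAAA"))
    else:
        a, aaaa = parse_response(SAMPLE_A), parse_response(SAMPLE_AAAA)
    print("A:", a, "AAAA:", aaaa, "->", classify(a, aaaa))
```

Run without arguments, it evaluates the constructed samples; with a DNS server IP and a hostname, it queries that server directly.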