FortiProxy
ojacinto
Staff
Article Id 354003
Description This article describes how to apply a WAD debug to track the DNS lookup failed error.
Scope FortiProxy v7.4.0 and later.
Solution

The '504 DNS look up failed' error indicates that the DNS server does not have an IP address for the requested domain, so FortiProxy returns this error to the client. On FortiProxy, WAD debug can be enabled to see the DNS queries and responses:

diagnose wad filter clear
diagnose console timestamp enable
diagnose wad filter src x.x.x.x <- It is recommended to filter only the IP of the PC used for tests.
diagnose wad debug enable category all
diagnose wad debug enable level info
diagnose debug enable

To disable debug:

diagnose debug disable
diagnose debug reset

In the following example, the explicit-proxy user (192.168.13.105) tried to access the URL https://forticare.fortinet.com and the error '504 DNS look up failed' is shown in the browser.

The WAD debug flow shows the DNS request:

[I]2024-10-29 16:09:27.508492 [p:1619][s:903876123][r:538] wad_dump_http_request :2833 hreq=0x7f1f8ec5bef8 Received request from client: 192.168.13.105:51651

CONNECT fortiare.fortinet.com:443 HTTP/1.1
Host: fortiare.fortinet.com:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Proxy-Authorization: Basic c3R1ZGVudDE6MTIzNDU2Nzg5MA==

[I]2024-10-29 16:09:27.508498 [p:1619][s:903876123][r:538] wad_http_str_canonicalize :2200 enc=0 path=/ len=1 changes=0
[I]2024-10-29 16:09:27.508500 [p:1619][s:903876123][r:538] wad_http_conn_req_classify :6419 no security profile HTTPS/HTTP, tport=443
[I]2024-10-29 16:09:27.508503 [p:1619][s:903876123][r:538] wad_http_dns_resolve :8896 [0x7f1f8ec5bef8] DNS request name=fortiare.fortinet.com len=21 type/pref=0/0
[I]2024-10-29 16:09:27.508505 [p:1619][s:903876123][r:538] __wad_dns_send_query :787 0:0: sending DNS request for remote peer fortiare.fortinet.com id=0 IPv4
[I]2024-10-29 16:09:27.508510 [p:1619][s:903876123][r:538] wad_dns_req_msg_send_local_req :244 send unreq to dnsproxy.
msg_len=39, type=wad_local_client_req, vfid=0, vrf=0, ifindex=11, policy_id=0 src_addr=192.168.13.105[I]2024-10-29 16:09:27.508513 [p:1619][s:903876123][r:538] wad_tcp_port_on_event:2415 sock 157 change events=0x40.
[I]2024-10-29 16:09:27.508516 [p:1619][s:903876122] wad_tcp_port_on_event :2324 start processing tcp event=0x1 events=0x41 fd=156 n_out_block=0
[I]2024-10-29 16:09:27.508518 [p:1619][s:903876122] wad_tcp_port_on_read :2199 sock 156 read (0,4080)
[I]2024-10-29 16:09:27.508523 [p:1619][s:903876122][r:539] wad_dump_http_request :2833 hreq=0x7f1f8ec59d60 Received request from client: 192.168.13.105:51650

CONNECT fortiare.fortinet.com:443 HTTP/1.1
Host: fortiare.fortinet.com:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Proxy-Authorization: Basic c3R1ZGVudDE6MTIzNDU2Nzg5MA==

The DNS response from the server is received on FortiProxy without any IP:

[I]2024-10-29 16:09:27.512817 [p:1619] wad_unix_stream_flush_data :647 WAD unix stream stream 0x85973b8 write (1,254)
[I]2024-10-29 16:09:27.589032 [p:1619] wad_dnsproxy_conn_proc_common_hdr :625 msg_len=86 msg_type=11 session_id=0
[I]2024-10-29 16:09:27.589047 [p:1619] wad_dnsproxy_conn_proc_hdr :602 msg_len=86 msg_type=11 session_id=0
[I]2024-10-29 16:09:27.589049 [p:1619] wad_dns_parse_name_resp :205 0: DNS response received for remote host fortiare.fortinet.com req-id=1 ipv4=1
[I]2024-10-29 16:09:27.589052 [p:1619][s:903876122][r:539] wad_http_dns_request_done :14039 [0x7f1f8ec59d60] DNS resolved: N/A  < ---
[I]2024-10-29 16:09:27.589063 [p:1619][s:903876122][r:539] wad_dump_fwd_http_resp :2848 hreq=0x7f1f8ec59d60 Forward response from Internal:

Then, the replacement message is generated and sent to the end user:

[I]2024-10-29 16:09:27.593435 [p:1619][s:903876122][r:540] wad_http_parse_host :1681 host=[21]fortiare.fortinet.com
[I]2024-10-29 16:09:27.593437 [p:1619][s:903876122][r:540] wad_http_str_canonicalize :2200 enc=0 path=/ len=1 changes=0
[I]2024-10-29 16:09:27.593439 [p:1619][s:903876122][r:540] wad_http_authz_line_remove :1070 req/user/active/scheme/rem: 0x7f1f8ec5bef8/student1/1/basic/0
[I]2024-10-29 16:09:27.593441 [p:1619][s:903876122][r:540] __wad_http_build_replmsg_resp :840 Generating replacement message. DNS error repmsg_id 8  < ---
[I]2024-10-29 16:09:27.593525 [p:1619][s:903876122][r:540] wad_dump_fwd_http_resp :2848 hreq=0x7f1f8ec5bef8 Forward response from Internal:

HTTP/1.1 504 Gateway Timeout  <---
Connection: close
Content-Type: text/html
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Content-Length: 29460
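
Added example, not part of the original article or any Fortinet tooling: a Python sketch that finds the failed lookups in a saved WAD debug capture by correlating the hreq pointer across lines, and masks the Proxy-Authorization credential (Basic is only base64-encoded) before the capture is shared. The sample log is constructed in the format shown above, and keying on hreq is an assumption that holds for a short capture.

```python
import re

# Constructed sample in the format of the WAD debug lines above; the client IP,
# hostnames, hreq pointers and credential are made up for this example.
SAMPLE = """\
[I]2024-10-29 16:09:27.508492 [p:1619][s:11][r:1] wad_dump_http_request :2833 hreq=0x7f0000000010 Received request from client: 192.0.2.10:51651
CONNECT typo.example.invalid:443 HTTP/1.1
Proxy-Authorization: Basic dXNlcjpwYXNz
[I]2024-10-29 16:09:27.508503 [p:1619][s:11][r:1] wad_http_dns_resolve :8896 [0x7f0000000010] DNS request name=typo.example.invalid len=20 type/pref=0/0
msg_len=39, type=wad_local_client_req, vfid=0, vrf=0, ifindex=11, policy_id=0 src_addr=192.0.2.10[I]2024-10-29 16:09:27.508523 [p:1619][s:12][r:2] wad_dump_http_request :2833 hreq=0x7f0000000020 Received request from client: 192.0.2.10:51650
[I]2024-10-29 16:09:27.508530 [p:1619][s:12][r:2] wad_http_dns_resolve :8896 [0x7f0000000020] DNS request name=www.example.com len=15 type/pref=0/0
[I]2024-10-29 16:09:27.589052 [p:1619][s:11][r:1] wad_http_dns_request_done :14039 [0x7f0000000010] DNS resolved: N/A
[I]2024-10-29 16:09:27.593441 [p:1619][s:11][r:1] __wad_http_build_replmsg_resp :840 Generating replacement message. DNS error repmsg_id 8
"""

# Patterns are searched anywhere in the text, because WAD sometimes prints two
# entries on one physical line (see the "src_addr=...[I]..." line above).
CLIENT = re.compile(r"wad_dump_http_request\s*:\d+ hreq=(0x[0-9a-f]+) "
                    r"Received request from client: ([\d.]+):\d+")
DNS_REQ = re.compile(r"wad_http_dns_resolve\s*:\d+ \[(0x[0-9a-f]+)\] DNS request name=(\S+)")
DNS_DONE = re.compile(r"wad_http_dns_request_done\s*:\d+ \[(0x[0-9a-f]+)\] DNS resolved: (\S+)")
AUTH = re.compile(r"(Proxy-Authorization:[ \t]*\S+[ \t]+)\S+", re.IGNORECASE)


def failed_lookups(log_text):
    """Return [(client_ip, hostname)] for requests whose DNS answer carried no IP."""
    reqs = {}  # hreq pointer -> what we learned about that request
    for m in CLIENT.finditer(log_text):
        reqs.setdefault(m.group(1), {})["client"] = m.group(2)
    for m in DNS_REQ.finditer(log_text):
        reqs.setdefault(m.group(1), {})["name"] = m.group(2)
    failed = []
    for m in DNS_DONE.finditer(log_text):
        if m.group(2) == "N/A":  # the "DNS resolved: N/A" marker from the article
            info = reqs.get(m.group(1), {})
            failed.append((info.get("client"), info.get("name")))
    return failed


def redact_proxy_auth(log_text):
    """Keep the auth scheme but mask the credential in dumped request headers."""
    return AUTH.sub(r"\1<redacted>", log_text)


if __name__ == "__main__":
    for client, name in failed_lookups(SAMPLE):
        print(f"{client}: no DNS answer for {name}")
    print(redact_proxy_auth(SAMPLE))
```

The header dump is not the only place an identity appears: the wad_http_authz_line_remove line also prints the username, so review the whole capture before attaching it to a ticket.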