isptools
New Contributor II

DNS forwarding on 60D with 5.0P3

Hello, at a customer site we hear every day that users are getting DNS timeouts. We have forwarded the internal interface to the (working) external provider DNS. All other services are running; only DNS gives the user no answer (we see the packet come in at the firewall and then a timeout).
Michael Killermann ISP-TOOLS GmbH Kohlenhofstrasse 60 -D 90443 Nuernberg - Germany Fortinet Certified Network & Security Professional #FCP1001
4 REPLIES
ede_pfau
Esteemed Contributor III

Can you sniff whether the DNS requests leave the FGT's wan port? First emergency measure would be to change the DNS address in the DHCP setup to the ISP's DNS address. And then test.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Dave_Hall
Honored Contributor

We need more information on your network configuration and what troubleshooting was performed, such as:
- what fgt model and firmware running
- is the fgt device or internal server providing DNS services to internal workstations
- confirmed fw policy covering DNS traffic is properly set up, including NAT settings
- tried pinging/traceroute to the external dns servers (from fgt and a workstation)
- tried a public DNS setting on a workstation (such as Google's DNS 8.8.8.8)
- check the traffic/event logs to see why dns traffic is being dropped?

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

emnoc
Esteemed Contributor III

I'm using FWF60D with specific OpenDNS and Google-public dns servers for ipv4 & 6 and have no issues running the latest 5.0.3 code.

PCNSE 

NSE 

StrongSwan  

GusTech
Contributor II

> at a customer site we hear every day that users are getting dns-timeouts

OT: Timeout traffic from WAN1

I just want to add that we have an issue with HTTP requests that are timing out (100D 5.0.3). We have a ticket and a thread regarding this issue in the beta forum, but we have no progress resolving this issue yet.

Fortigate <3
