Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jond
New Contributor III

Created on ‎06-19-2020 07:39 AM

Bizarre DNS results? 198.18.x.y returned

Hi there,

I'm getting something odd happening which I've never seen before, I am intermittently getting DNS queries answered with a 198.18.x.y address.

 

Using Fortiguard or local DNS servers doesn't make any difference to the behaviour.

 

It happens with both local clients and through the CLI on the box.

 

For instance:

 

 

Have to say I've no seen that before!

 

Any ideas?

 

Thanks,

Jon

7669
0 Kudos
2 Solutions
Dave_Hall
Honored Contributor
In response to rwpatterson

Created on ‎06-19-2020 12:36 PM

Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
5980
0 Kudos
emnoc
Esteemed Contributor III
In response to Dave_Hall

Created on ‎06-19-2020 01:39 PM

And to add, you can diag sniffer packet any "host x.x.x.x and src port 53" to see the DNS-answers

 

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
5980
0 Kudos
7 REPLIES 7
rwpatterson
Valued Contributor III

Created on ‎06-19-2020 09:59 AM

Could you paste ASCII results from the query? Pictures don't quite work.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
5925
0 Kudos
Dave_Hall
Honored Contributor
In response to rwpatterson

Created on ‎06-19-2020 12:36 PM

Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
5981
0 Kudos
emnoc
Esteemed Contributor III
In response to Dave_Hall

Created on ‎06-19-2020 01:39 PM

And to add, you can diag sniffer packet any "host x.x.x.x and src port 53" to see the DNS-answers

 

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
5981
0 Kudos
Jond
New Contributor III
In response to Dave_Hall

Created on ‎06-22-2020 05:09 AM

Dave Hall wrote:

Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?

I like your thinking, where do I find that? I've looked all over the place in the GUI and dumped out the full config on the wan interface and I see nothing standing out :(

5925
0 Kudos
Dave_Hall
Honored Contributor
In response to Jond

Created on ‎06-22-2020 06:07 AM

The setting should be listed there unless the web browser version you are using is not 100% compatible (e.g. page element corruption.) 

 

The default setting is enabled I believe - all default settings won't show up when listed in the config (in the CLI) unless you use "show full".

 

 

 

Just to confirm are you getting DNS quires from host 198.18.x.y or are DNS quires resolving to 198.18.x.y ? And yeah, your original pic didn't come out.

  

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Fortigate DNS override.jpg
Preview file
119 KB
5924
0 Kudos
Jond
New Contributor III
In response to Dave_Hall

Created on ‎06-26-2020 06:39 AM

Thank you to everyone who mentioned Override DNS setting.

 

I'd forgotten that I'd started to set up a failover ADSL link with that ticked (by default I guess) and the ADSL had failed returning the oddjob 198 addresses.

 

Best wishes,

Jon

5924
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to Jond

Created on ‎06-26-2020 08:07 AM

@Dave Hall's post: "override" will only be displayed if WAN type is DHCP or PPPoE.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
5924
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.