Hi there,
I'm getting something odd happening which I've never seen before, I am intermittently getting DNS queries answered with a 198.18.x.y address.
Using Fortiguard or local DNS servers doesn't make any difference to the behaviour.
It happens with both local clients and through the CLI on the box.
For instance:
Have to say I've no seen that before!
Any ideas?
Thanks,
Jon
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
And to add, you can diag sniffer packet any "host x.x.x.x and src port 53" to see the DNS-answers
Ken Felix
PCNSE
NSE
StrongSwan
Could you paste ASCII results from the query? Pictures don't quite work.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
And to add, you can diag sniffer packet any "host x.x.x.x and src port 53" to see the DNS-answers
Ken Felix
PCNSE
NSE
StrongSwan
Dave Hall wrote:Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?
I like your thinking, where do I find that? I've looked all over the place in the GUI and dumped out the full config on the wan interface and I see nothing standing out :(
The setting should be listed there unless the web browser version you are using is not 100% compatible (e.g. page element corruption.)
The default setting is enabled I believe - all default settings won't show up when listed in the config (in the CLI) unless you use "show full".
Just to confirm are you getting DNS quires from host 198.18.x.y or are DNS quires resolving to 198.18.x.y ? And yeah, your original pic didn't come out.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Thank you to everyone who mentioned Override DNS setting.
I'd forgotten that I'd started to set up a failover ADSL link with that ticked (by default I guess) and the ADSL had failed returning the oddjob 198 addresses.
Best wishes,
Jon
@Dave Hall's post: "override" will only be displayed if WAN type is DHCP or PPPoE.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1640 | |
1066 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.