Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jond
New Contributor III

Created on ‎06-19-2020 07:39 AM

Bizarre DNS results? 198.18.x.y returned

Hi there,

I'm getting something odd happening which I've never seen before, I am intermittently getting DNS queries answered with a 198.18.x.y address.

 

Using Fortiguard or local DNS servers doesn't make any difference to the behaviour.

 

It happens with both local clients and through the CLI on the box.

 

For instance:

 

 

Have to say I've no seen that before!

 

Any ideas?

 

Thanks,

Jon

7155
0 Kudos
2 Solutions
Dave_Hall
Honored Contributor
In response to rwpatterson

Created on ‎06-19-2020 12:36 PM

Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
5466
0 Kudos
emnoc
Esteemed Contributor III
In response to Dave_Hall

Created on ‎06-19-2020 01:39 PM

And to add, you can diag sniffer packet any "host x.x.x.x and src port 53" to see the DNS-answers

 

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
5466
0 Kudos
7 REPLIES 7
rwpatterson
Valued Contributor III

Created on ‎06-19-2020 09:59 AM

Could you paste ASCII results from the query? Pictures don't quite work.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
5413
0 Kudos
Dave_Hall
Honored Contributor
In response to rwpatterson

Created on ‎06-19-2020 12:36 PM

Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
5467
0 Kudos
emnoc
Esteemed Contributor III
In response to Dave_Hall

Created on ‎06-19-2020 01:39 PM

And to add, you can diag sniffer packet any "host x.x.x.x and src port 53" to see the DNS-answers

 

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
5467
0 Kudos
Jond
New Contributor III
In response to Dave_Hall

Created on ‎06-22-2020 05:09 AM

Dave Hall wrote:

Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?

I like your thinking, where do I find that? I've looked all over the place in the GUI and dumped out the full config on the wan interface and I see nothing standing out :(

5413
0 Kudos
Dave_Hall
Honored Contributor
In response to Jond

Created on ‎06-22-2020 06:07 AM

The setting should be listed there unless the web browser version you are using is not 100% compatible (e.g. page element corruption.) 

 

The default setting is enabled I believe - all default settings won't show up when listed in the config (in the CLI) unless you use "show full".

 

 

 

Just to confirm are you getting DNS quires from host 198.18.x.y or are DNS quires resolving to 198.18.x.y ? And yeah, your original pic didn't come out.

  

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
119 KB
5412
0 Kudos
Jond
New Contributor III
In response to Dave_Hall

Created on ‎06-26-2020 06:39 AM

Thank you to everyone who mentioned Override DNS setting.

 

I'd forgotten that I'd started to set up a failover ADSL link with that ticked (by default I guess) and the ADSL had failed returning the oddjob 198 addresses.

 

Best wishes,

Jon

5412
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to Jond

Created on ‎06-26-2020 08:07 AM

@Dave Hall's post: "override" will only be displayed if WAN type is DHCP or PPPoE.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
5412
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.