Jond
New Contributor III

Bizarre DNS results? 198.18.x.y returned

Hi there,

I'm getting something odd happening which I've never seen before: I am intermittently getting DNS queries answered with a 198.18.x.y address.

Using FortiGuard or local DNS servers doesn't make any difference to the behaviour.

It happens with both local clients and through the CLI on the box.

For instance:

Have to say I've not seen that before!

Any ideas?

Thanks,

Jon

7 REPLIES
rwpatterson
Valued Contributor III

Could you paste ASCII results from the query? Pictures don't quite work.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Dave_Hall

Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

emnoc
Esteemed Contributor III

And to add, you can diag sniffer packet any "host x.x.x.x and src port 53" to see the DNS-answers

Ken Felix

PCNSE NSE StrongSwan
Jond
New Contributor III

Dave Hall wrote:

Is the Fortigate's WAN(s) interfaces configured/set to override internal DNS?

I like your thinking, where do I find that? I've looked all over the place in the GUI and dumped out the full config on the wan interface and I see nothing standing out :(

Dave_Hall
Honored Contributor

The setting should be listed there unless the web browser version you are using is not 100% compatible (e.g. page element corruption.)

The default setting is enabled I believe - all default settings won't show up when listed in the config (in the CLI) unless you use "show full".

Just to confirm, are you getting DNS queries from host 198.18.x.y or are DNS queries resolving to 198.18.x.y? And yeah, your original pic didn't come out.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Jond
New Contributor III

Thank you to everyone who mentioned Override DNS setting.

I'd forgotten that I'd started to set up a failover ADSL link with that ticked (by default I guess) and the ADSL had failed, returning the oddjob 198 addresses.

Best wishes,

Jon

ede_pfau
Esteemed Contributor III

@Dave Hall's post: "override" will only be displayed if WAN type is DHCP or PPPoE.


Ede

"Kernel panic: Aiee, killing interrupt handler!"