Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

DNS Database CNAME entries

We are testing DNS on a FGT 201E running FOSv6.0.8 and having issues with incorrect behaviour with CNAME entries.  I am not finding a lot of discussion anywhere on FGT dns which leaves me to believe this is likely not a well used feature. 


incorrect response from FGT:


Server: Address:



Correct response from bind server


Server: Address:

Name: Addresses: 2xxx:xxxx:xxx4:xxx::2013 Aliases:


Packet captures show that the FGT is returning the CNAME of but it is not resolved where bind returns the cname and the IPs.



Protocol Length Info DNS 79 Standard query 0x0059 A DNS 104 Standard query response 0x0059 A CNAME DNS 79 Standard query 0x005a AAAA DNS 104 Standard query response 0x005a AAAA CNAME



Protocol Length Info DNS 76 Standard query 0x0066 A DNS 117 Standard query response 0x0066 A CNAME A DNS 76 Standard query 0x0067 AAAA DNS 129 Standard query response 0x0067 AAAA CNAME AAAA 2xxx:xxxx:xxx4:xxx::2013


Any thoughts other than don't use CNAMEs?



Valued Contributor III

I see that they resolve to different IP addresses. Are you sure something wasn't fat-fingered?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at:

Bob - self proclaimed posting junkie!See my Fortigate related scripts at:

I'm not sure what you're talking about other than perhaps the fact I am using two different name server destiny and matthew/1 and 11/FGT and bind. Nothing has been fat fingered. The FGT is not resolving the cname as it should be as evidenced in the packet capture.


So no one is using CNAME then? Guess I'll try running this up the official channels then.


Updating this though it seems no one cares. My most excellent and awesome FortiCrew offered to test this on some 6.2.x fgts in their lab. This made me realize I could test it very quickly with a 6.2.2 box I had on the same network here. Sixty or so seconds later we know CNAME entries work as expected on 6.2.2. Looks like a possible 6.0.8 bug. They are looking into it.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors