Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AlbertMin
New Contributor II

DNS Name Resolution does not work for all internal zones (IOS)

Hello,

 

we have a Fortigate v7.0.7 and we dial into the company via vpn from Windows, Mac, Android, iPad, iPhone.

An internal dns server is specified in the ssl vpn settings. There are different zones/domains in our internal DNS.

For example:

myfirma.lo (that's the name from our internal AD)

somethingother.de

test.blubber

...

If we make an vpn-connection (with FortiClient) from Windows, Mac or Android, all these zones/domains can be resolved to ip addresses. I test that with ping or nslookup.

For example:

ping hosta.myfirma.lo

ping hostb.somethingother.de

ping testhost.test.blubber

...

No matter what I take, I get an ip address back everywhere.

 

From iPad and iPhone (also with FortiClient) just the zone myfirma.lo works. All other zones/domains cannot be resolved.

If I ping, for example

ping testhost.test.blubber 

I get "Can't resolve host"

 

So I think, that's a problem with IOS.

 

What can I do?

 

Thank you

Greetings

AlbertMin

1 Solution
AlbertMin
New Contributor II

The solution is to store DNS suffixes in the SSL VPN settings. Only works via CLI:
config vpn ssl settings
set dns suffix myfirma.lo;somethingother.de

View solution in original post

4 REPLIES 4
AlbertMin
New Contributor II

Extra information:

I found out with a packet filter, that no DNS-request are sent into the tunnel, except for the domain myfirma.lo.

And myfirma.lo is, as I said, the name of our internal windows domain.

That can not be a coincidence.

 

And again, as I mentioned before, this only applies to ios (iPad, iPhone). With Windows/Android/Mac everything works as desired.

 

Regards.

AlbertMin

AlbertMin
New Contributor II

The solution is to store DNS suffixes in the SSL VPN settings. Only works via CLI:
config vpn ssl settings
set dns suffix myfirma.lo;somethingother.de

balinttoth-gnssys

Thanks! Worked for us also :)

andreacostanzo
New Contributor

hello, I had solved it using this suggested 'workaround', but now that iOS has released version 18, it is happening again in Safari. Has anyone experienced the same problem and found a solution?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors