Hello all,
I have a very urgent problem.
On the FGT I can resolve DNS names (e.g. mx.dom.com) that I have configured via an external DNS server.
On the internal network we use MS-DNS, and there I have entered the FGT as the forwarder.
When I try to resolve mx.dom.com from an internal system, it does not work (domain not found).
In MS-DNS Event, I see: The DNS server encountered an invalid domain name in a packet from 192.168.30.9. The packet will be rejected. The event data contains the DNS packet.
192.168.30.9 is the FGT.
Under Network/DNS Server, I have entered the internal port and the port of the external DNS, optionally Recursive and Forward to System DNS.
In the DNS Database, I have entered the domain mx.dom.com and through which DNS servers I can reach it.
What am I doing wrong?
Thanks in advance
TheBob
Hello Bob,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hi Bob,
I understand you are not able to resolve the domain name when you set the DNS forwarder on the MS server to the firewall. You have set the firewall as DNS recursive, but it is still not working.
In the DNS Database, I have entered the domain mx.dom.com and through which DNS servers I can reach it.
What am I doing wrong? <<<<<<<<<<<< Could you clarify again: are you giving the domain IP in the database, or the server IP which resolves the domain?
We would recommend removing the database entry and running the debugs below:
di de reset
di de app dnsproxy -1
di de en
Please query your domain; once you see the error, stop the debug using:
di de di
di de reset
Please also share the output of the command:
dia test application dnsproxy 7
Thank you!
Hello tthrilok,
many thanks for the reply!
Now it works, but it took some hours; maybe it was a DNS timer.
But I still have the error messages on the Domain Controller: "The DNS server encountered an invalid domain name in a packet from 192.168.30.9. The packet will be rejected. The event data contains the DNS packet."
I now have the FGT in Recursive mode towards the internal DC, and for the other interface, using the external DNS server, Forward to System DNS.
In the DNS Database I have the IP of the external DNS for the external system, and our DC DNS server for the internal DNS.
It's working now, but I don't know how to solve the error message.
Many thanks for helping!
Bob
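The Domain Controller event quoted above says the event data contains the rejected DNS packet, so decoding that packet's question section is the most direct way to see which name the FGT forwarded and why MS-DNS called it invalid. What follows is an added example for this thread, not code from the poster, Fortinet or Microsoft: a small Python decoder that applies the RFC 1035 wire-format limits (63-octet labels, 255-octet names, backward-only compression pointers) and separately flags names that are well-formed but contain characters outside the usual hostname alphabet. Every packet in it is a constructed sample; the thread does not show the actual rejected packet, so none of these bytes came from the poster's network.

```python
"""Decode the question section of a raw DNS packet and sanity-check the QNAME.

Added example for this forum thread; not Fortinet or Microsoft code. All
sample packets below are constructed by hand for illustration.
"""
import struct

MAX_LABEL = 63   # RFC 1035 2.3.4: a label is at most 63 octets
MAX_NAME = 255   # RFC 1035 2.3.4: a name is at most 255 octets on the wire
# Strict hostname alphabet plus '_' (needed for AD SRV names such as _ldap._tcp).
HOST_CHARS = set(b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_")


def parse_header(pkt):
    """Unpack the 12-byte DNS header (RFC 1035 4.1.1)."""
    if len(pkt) < 12:
        raise ValueError("packet shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "opcode": (flags >> 11) & 0xF,
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def read_name(pkt, offset, depth=0):
    """Return (labels, next_offset), following compression pointers (RFC 1035 4.1.4).

    Raises ValueError on the wire-format defects a DNS server rejects outright:
    oversized labels, oversized names, truncation and bad pointers.
    """
    labels, wire_len = [], 0
    while True:
        if offset >= len(pkt):
            raise ValueError("name runs past end of packet")
        length = pkt[offset]
        if length & 0xC0 == 0xC0:                      # 11xxxxxx: compression pointer
            if depth > 5 or offset + 2 > len(pkt):
                raise ValueError("bad or looping compression pointer")
            ptr = struct.unpack("!H", pkt[offset:offset + 2])[0] & 0x3FFF
            if ptr >= offset:                          # only backward pointers are legal
                raise ValueError("forward compression pointer")
            more, _ = read_name(pkt, ptr, depth + 1)
            return labels + more, offset + 2
        if length > MAX_LABEL:                         # also catches reserved 01/10 label types
            raise ValueError("label length %d exceeds %d" % (length, MAX_LABEL))
        offset += 1
        if length == 0:                                # root label ends the name
            return labels, offset
        wire_len += length + 1
        if wire_len + 1 > MAX_NAME:
            raise ValueError("name exceeds %d octets" % MAX_NAME)
        label = pkt[offset:offset + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label)
        offset += length


def check_qname(labels):
    """Return warnings about a QNAME that is well-formed but odd-looking.

    MS-DNS accepts UTF-8 names by default, so characters outside the hostname
    alphabet are reported as warnings here, not as hard errors.
    """
    return ["non-hostname characters in label %r" % bytes(lab)
            for lab in labels if not all(c in HOST_CHARS for c in lab)]


def decode_question(pkt):
    """Decode the header and first question; ValueError means the packet is malformed."""
    hdr = parse_header(pkt)
    if hdr["qdcount"] != 1:
        raise ValueError("expected one question, got %d" % hdr["qdcount"])
    labels, off = read_name(pkt, 12)
    if off + 4 > len(pkt):
        raise ValueError("question section truncated")
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    name = ".".join(lab.decode("ascii", "replace") for lab in labels) or "."
    return {"header": hdr, "qname": name, "qtype": qtype, "qclass": qclass,
            "warnings": check_qname(labels)}


def classify(pkt):
    """'ok', 'suspicious' (well-formed but odd) or 'invalid: <reason>'."""
    try:
        return "suspicious" if decode_question(pkt)["warnings"] else "ok"
    except ValueError as exc:
        return "invalid: %s" % exc


def build_query(name, qtype=15, txid=0x1234):
    """Build an RD=1 query (default QTYPE 15 = MX); used only to make samples."""
    out = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    for lab in name.rstrip(".").split("."):
        out += bytes([len(lab)]) + lab.encode("ascii")
    return out + b"\x00" + struct.pack("!HH", qtype, 1)


# Constructed sample packets (not captured from the poster's network).
HDR = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
GOOD = build_query("mx.dom.com")                                   # the name from the thread
SPACE = build_query("bad name.dom.com")                            # well-formed, odd characters
BAD_LABEL = HDR + bytes([70]) + b"a" * 70 + b"\x03dom\x03com\x00" + struct.pack("!HH", 15, 1)
LOOP = HDR + b"\xc0\x0c" + struct.pack("!HH", 15, 1)               # pointer to itself

if __name__ == "__main__":
    for tag, pkt in (("good", GOOD), ("space", SPACE), ("bad-label", BAD_LABEL), ("loop", LOOP)):
        print("%-9s %s" % (tag, classify(pkt)))
```

To use it on a real event, copy the packet bytes out of the DNS Server event's data field and pass them as `classify(bytes.fromhex("..."))`; an "invalid" result names the wire-format rule the packet broke, while "suspicious" means the name was legal but contained characters worth checking against the DNS server's name-checking setting.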
Copyright 2023 Fortinet, Inc. All Rights Reserved.