Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dotorg
New Contributor

DNS filter - A rating error occurs - all Fortiguard SDNS servers failed to respond

Hi All,

 

getting this message every day.

Whats wrong? Are there not enough server at fortinet?

 

Any help would be fine. Best regards. 

15 REPLIES 15
oheigl

I had problems with the DNS Server too, it's the one starting with 212.x.x.x I think. I removed it from the DNS configuration and replaced it with the google DNS, now everything seems to be working.

bdouble
New Contributor

Sure, using Google's servers should easily fix the issue. But, isn't the point of this feature that Fortiguard maintains a DNS database and servers, that filter out known malicious endpoints and other stuff that should be avoided? Seems to me that the issue is with Fortiguard's service here, perhaps their DNS infrastructure cannot handle the load generated by all of the Fortiguard devices out there... 

MikePruett
Valued Contributor

do you have a sanitized version of your config that you can post?

Mike Pruett Fortinet GURU | Fortinet Training Videos
rowie

Same error here with 5.4.5 on FG60D

 

 

Message meets Alert condition date=2017-10-04 time=10:10:07 devname=xxx devid=xxx logid=0318012800 type=utm subtype=webfilter eventtype=ftgd_err level=error vd=root policyid=17 sessionid=3454737 user="" srcip=192.168.255.112 srcport=50430 srcintf="internal" dstip=8.8.8.8 dstport=53 dstintf="wan1" proto=17 service="DNS" hostname="client.wns.windows.com" profile="default" action=blocked reqtype=direct sentbyte=0 rcvdbyte=0 direction=outgoing msg="A rating error occurs" error="all Fortiguard SDNS servers rating timeout"    
rowie
New Contributor

if you need other parts of the configuration mike let me know!

 

config system fortiguard set service-account-id "x.x.x.x" set sdns-server-ip "208.91.112.220" end

 

config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end

 

config system dhcp server edit 1 set forticlient-on-net-status disable set default-gateway 192.168.255.2 set netmask 255.255.255.0 set interface "internal" config ip-range edit 1 set start-ip 192.168.255.110 set end-ip 192.168.255.210 next end set timezone-option default config reserved-address x.x.x.x end set dns-server1 8.8.8.8 set dns-server2 8.8.4.4 next

 

br,

rowie

 

 

zeki893
New Contributor II

Have y'all tried changing the fortiguard filtering port from 53 to 8888? worked for me.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors