Hello
I am reaching out to seek assistance regarding high traffic and cost issues stemming from frequent Fully Qualified Domain Name (FQDN) resolution on our FortiGate 80F device. Our network relies on Satellite internet with a pay-as-you-use model.
In light of this, I am exploring options to either stop or significantly reduce the time taken by the FortiGate system to perform DNS resolutions.
To provide additional context, I have undertaken the following troubleshooting steps:
Deletion of Default Addresses: I have removed default addresses from the FortiGate device; however, the changes do not persist. Default addresses, including those for well-known domains such as "google.com" and "microsoft," continue to reappear.
Configuration Checks: I have thoroughly reviewed and adjusted configurations related to DNS filters, security profiles, firewall policies, and system settings.
Given the persistence of the issue, I would appreciate any guidance or recommendations you can provide to optimize FQDN resolution on our FortiGate 80F.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are you looking for a method to stop Fortigate sending DNS resolution requests? For all domains or Specific domains?
Dear Suraj,
We would like to restrict DNS resolution requests to only a few specified hosts and disable resolution for default hosts like google.com and microsoft.com. Upon inspecting the packets from our Fortigate, it seems to be sending DNS queries every 2-3 seconds.
Please let me know if there is any method to reduce DNS query.
Hello
I think you just need to setup a local central DNS server:
This will certainly optimize the amount of DNS requests to Internet and reduce response time.
@AEK
Thank you
I will try to setup local DNS server and test.
Hi @kumarmt,
You can follow this article to increase fqdn-cache-ttl. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explanation-of-the-FQDN-nbsp-default-nbsp-...
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.