Mictronic
New Contributor II

Fortigate to resolve local DNS entry for address object

Hello fellows!

 

In a FGT-61F I created a local DNS service for domain "local.tld" with some A records in it.
All clients are using the FGT as their primary DNS server and can resolve all hosts in "local.tld" with their FQDN.

Fine.

 

Now I want to use this working FQDN resolution for some firewall policies, so I added some addresses.

When I try to use the same FQDN for an address object, fgt says "Unresolved FQDN: host.local.tld".

 

What am I doing wrong? Any suggestions?

 

Working on FGT-61F with FortiOS 7.2.6.

 

Any help welcome. Thank you in advance!

 

Regards, Michael.

Best regards,
Mic
1 Solution
lgupta
Staff

Hello Mictronic,

Thanks for reaching out.

I think you are just seeing the GUI bug.

Please refer: https://docs.fortinet.com/document/fortigate/7.2.6/fortios-release-notes/236526/known-issues

Bug ID: 958311

Please run the following command:

diagnose test application dnsproxy 7

You will see the IPs being resolved.

 

Thank you!

Best regards,

-lgupta



If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.

AEK
SuperUser

Hello

FGT must point to itself for DNS resolution.

Go to Network > DNS, and add FGT IP as primary DNS server.

AEK
Mictronic
New Contributor II

Hello AEK,

well, I ran into a GUI only bug, FQDN resolution for address objects works, even if I do not use internal DNS in Network DNS.

 

Regards, Mic

Best regards,
Mic
Mictronic
New Contributor II

Hello lgupta,

yes that's it, FQDN resolution works but only the GUI says it's not.

 

Thanks for the hint to that bug.

Regards, Michael.

Best regards,
Mic
Ken_Durrant
New Contributor

So, if this is only a GUI cosmetic bug, why do rules show no matched traffic or log these entries?

Seems more broken than just cosmetic.  These logs are not getting to the SIEM, because they can't.

When will 7.2.8 firmware be released?
