Luiz_Alberto_Camilo
New Contributor III

Fortinet DDNS issue

This post is addressed to Fortinet DNS administrators. Today I created a FortiDDNS record on a FortiGate and noticed that I could not resolve that DNS on another FortiGate. So, using DIG, I found the following:

- The FortiGate primary DNS server is 208.91.112.53 and the secondary is 208.91.112.52.

OK, so let's DIG my recently created FortiDDNS record:
 ; <<>> DiG 9.8.3-P1 <<>> @208.91.112.53 nctsp.fortiddns.com
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45772
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;nctsp.fortiddns.com.		IN	A
 
 ;; AUTHORITY SECTION:
 fortiddns.com.		765	IN	SOA	ddns1.fortinet.com. mis.fortinet.com. 2014933327 10800 900 172800 3600
 
 ;; Query time: 234 msec
 ;; SERVER: 208.91.112.53#53(208.91.112.53)
 ;; WHEN: Wed Sep 24 21:30:40 2014
 ;; MSG SIZE  rcvd: 92
 
Hummm ... weird, huh ... the primary DNS server doesn't know this domain, but I noticed that there's a ddns1.fortinet.com ... so let's DIG to this one:
 ; <<>> DiG 9.8.3-P1 <<>> @208.91.114.22 nctsp.fortiddns.com
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38371
 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
 ;; WARNING: recursion requested but not available
 
 ;; QUESTION SECTION:
 ;nctsp.fortiddns.com.		IN	A
 
 ;; ANSWER SECTION:
 nctsp.fortiddns.com.	300	IN	A	177.139.245.173
 
 ;; AUTHORITY SECTION:
 fortiddns.com.		86400	IN	NS	ddns2.fortinet.com.
 fortiddns.com.		86400	IN	NS	ddns1.fortinet.com.
 
 ;; Query time: 233 msec
 ;; SERVER: 208.91.114.22#53(208.91.114.22)
 ;; WHEN: Wed Sep 24 21:31:33 2014
 ;; MSG SIZE  rcvd: 102
 
Cool, ddns1.fortinet.com knows my IP ... so why are the primary DNS servers not syncing with ddns1.fortinet.com?

I was using this DDNS for VPN purposes, and instantly after I changed the primary DNS server on the FortiGate to 208.91.114.22, the VPN connected ... bingo! And now that the DNS is in cache, I could return the DNS servers to the default ones.

This isn't the first time this has happened. It has happened at other times, and at other times, from the remote FortiGate, a ping to nctsp.fortiddns.com just fails saying "the dns could not be resolved".

It would be nice if someone could just check those 2 Fortinet DNS servers.

Luiz Alberto Camilo NCT São Paulo www.nct.com.br NSE-5 Expert
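
The comparison made in the post above, as an added example (not code from the thread or from Fortinet): it parses the key lines of the two dig replies and flags the case where a recursive resolver answers NXDOMAIN while the authoritative server returns an A record. Reading the SOA TTL in the NXDOMAIN reply as the remaining negative-cache lifetime follows RFC 2308 and is an assumption about the cause here; the function names and verdict strings are hypothetical.

```python
import re

# Key lines copied from the two dig replies quoted in the post above.
RECURSIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45772
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
fortiddns.com. 765 IN SOA ddns1.fortinet.com. mis.fortinet.com. 2014933327 10800 900 172800 3600
"""
AUTHORITATIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38371
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; ANSWER SECTION:
nctsp.fortiddns.com. 300 IN A 177.139.245.173
"""

def parse_dig(text):
    """Extract status, header flags, A answers and the SOA TTL from dig output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r";; flags: ([a-z ]+);", text)
    result = {"status": status.group(1) if status else None,
              "flags": set(flags.group(1).split()) if flags else set(),
              "a": [], "soa_ttl": None}
    for line in text.splitlines():
        if line.startswith(";") or not line.strip():
            continue  # comments, section headers and blank lines
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "IN":
            if fields[3] == "A":
                result["a"].append(fields[4])
            elif fields[3] == "SOA":
                result["soa_ttl"] = int(fields[1])
    return result

def diagnose(recursive, authoritative):
    """Compare a recursive resolver's reply with the authoritative server's."""
    r, a = parse_dig(recursive), parse_dig(authoritative)
    if "aa" not in a["flags"]:
        verdict = "second-reply-not-authoritative"
    elif r["status"] == "NXDOMAIN" and a["a"]:
        # Assumption (RFC 2308): the SOA TTL in a cached negative answer is the
        # time left before the resolver asks the authoritative server again.
        verdict = "resolver-nxdomain-but-record-exists"
    elif r["status"] == a["status"] and sorted(r["a"]) == sorted(a["a"]):
        verdict = "consistent"
    else:
        verdict = "mismatch"
    return {"verdict": verdict, "negative_ttl": r["soa_ttl"], "authoritative_a": a["a"]}
```
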

MVIOX
New Contributor

You may want to create a support ticket for this if you are looking for Fortinet technical assistance. I believe this site is primarily a user community with some interaction from Fortinet employees. (I could be wrong)
Carl_Windsor_FTNT

Note that you have posted this in the FortiDNS section. FortiDNS is a product in its own right; your query is about the FortiGate DDNS feature, two different things. As MVIOX suggested, I would recommend you raise a support ticket.

Dr. Carl Windsor Field Chief Technology Officer Fortinet

Luiz_Alberto_Camilo
New Contributor III

Hi Michael and Carl, Thanks for the recommendation. I couldn't find the correct channel to communicate this to Fortinet, so I decided to create a post because this remains here and can be referenced in searches in the future. I'll open a ticket later and post here about our findings. Thanks again!

Luiz Alberto Camilo NCT São Paulo www.nct.com.br NSE-5 Expert
