FYI, it looks like Fortinet DNS servers are having issues with O365 today. Outlook web and desktop clients are providing invalid cert prompts for a cert that expired in 2010 for some non-O365 URL. I opened a support case with Fortinet and they found that this appears to be a global issue with their DNS servers currently, regardless of the DNS protocol used. For now, we've adjusted DHCP to point to other public DNS servers to get customers working again.
Office 365 will return the ACDC closer to the IP that made the DNS query.
So if your query goes to Google DNS (8.8.8.8) or FortiGuard DNS (96.45.45.45) in the same country, the result will be different because the DNS servers will forward the query from different countries.
A best practice from Microsoft is to use the DNS servers from the ISP provider, so the queries are made from the same country that we are trying to connect to. This will ensure that Outlook will connect to the nearest Microsoft available zone with less latency.
There are some articles you can read that explain this.
https://c7solutions.com/2017/10/office-365-and-acdc
https://www.msxfaq.de/cloud/verbindung/o365-dnsrouting.htm
I believe that the best approach is to use the DNS from your ISP provider or a DNS server from your country.
You can change the interface DHCP settings from "Same as Interface IP" to "Specify" and put the DNS there.
In the FortiGate DNS, you can still use the FortiGuard DNS servers.
Some notes online about the Fortinet DNS.
As discussed, this DNS issue is related to Bug ID 0898560.
https://www.reddit.com/r/fortinet/comments/yuu50t/dns_issues_while_using_fortinet_dns_servers/
https://community.fortinet.com/t5/Support-Forum/FortiGuard-DNS-issue/td-p/263269
Thank you for contacting us.
The issue described in ticket ###### is a known one and is currently under investigation.
A temporary solution is to clear the DNS cache. We are still looking into the root cause.
Kind regards,
Copyright 2024 Fortinet, Inc. All Rights Reserved.