Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Many "DNS-no-domain" errors


Analyzing the logs on my WLAN I see hundreds of repeated error messages. Failure Details:


Action: DNS-no-domain Reason: Server replied "non-existing domain" Message: DNS lookup of from client failed with "non-existing domain"


This type of error is displayed for all APs. In "Reason" the IP varies a bit. Any idea what that might be?



Best Regards


Valued Contributor III

Perhaps you have a rogue DHCP server that is misconfigured and someone grabbed a config from there?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at:

Bob - self proclaimed posting junkie!See my Fortigate related scripts at:

so it makes sense what you see, these requests do result in a non-existing domain because they don't exist


i dont believe a rogue DHCP server is in play here


these are just regular DNS requests to names that don't exist


wpad is for auto proxy discovery


those couple of weird random character ones are probably this from chrome:


the intel one is most likely old or buggy software on a system looking for a hostname which doesn't exist (anymore)


the nts2000.nts2000.lan i can't directly explain but probably is also part of some auto discovery which uses your configured DNS suffixes to check for something.


there isnt anything "bad" going on here. FortiGate is just reporting what it sees and that seems to be correct.


as mentioned you can try sniffing and you will see (some of) your clients just making these requests.

New Contributor

Server replied "non-existing domain" for NTS2000.nts2000.lan


I've had the same issue and wanted to post my solution

The Wifi SSID uses WPA2 with an NPS as radius server. This is a windows server who's own microsoft certificates are renewed sometimes. SInce the same server also has a custom *.domain.lan NPS chooses this certificate as the new certificate. -> I believe this wildcard certificate is responsible for the NTS2000.nts2000.lan DNS request

After choosing the correct certificate in NPS PEAP authentication the Wifi was back up and running

Top Kudoed Authors