andre_amaro
New Contributor II

Many "DNS-no-domain" errors

Dear,

Analyzing the logs on my WLAN I see hundreds of repeated error messages. Failure Details:

 

Action: DNS-no-domain Reason: Server 120.64.11.10 replied "non-existing domain" Message: DNS lookup of from client failed with "non-existing domain"

 

This type of error is displayed for all APs. In "Reason" the IP varies a bit. Any idea what that might be?

 

 

Best Regards

André

rwpatterson
Valued Contributor III

Perhaps you have a rogue DHCP server that is misconfigured and someone grabbed a config from there?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

boneyard

so it makes sense what you see, these requests do result in a non-existing domain because they don't exist

 

I don't believe a rogue DHCP server is in play here

 

these are just regular DNS requests to names that don't exist

 

wpad is for auto proxy discovery

 

those couple of weird random character ones are probably this from chrome: https://isc.sans.edu/forums/diary/Google+Chrome+and+weird+DNS+requests/10312/

 

the intel one is most likely old or buggy software on a system looking for a hostname which doesn't exist (anymore)

 

the nts2000.nts2000.lan i can't directly explain but probably is also part of some auto discovery which uses your configured DNS suffixes to check for something.

 

there isn't anything "bad" going on here. FortiGate is just reporting what it sees and that seems to be correct.

 

as mentioned you can try sniffing and you will see (some of) your clients just making these requests.
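
A triage sketch for the log lines discussed in the reply above, as an added example that is not part of any post in this thread. It buckets failed lookups into the benign patterns the reply names (wpad, random-looking probe names, a name with the DNS suffix appended) so that only the remainder needs a closer look. The sample lines are constructed; the client addresses, the random names, `files01.corp.example`, and the rule that a probe name is a single label of 7 to 15 lowercase letters are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the message quoted in the thread.
# Client addresses and the random-looking names are made up.
SAMPLE_LOG = """\
Action: DNS-no-domain Reason: Server 120.64.11.10 replied "non-existing domain" Message: DNS lookup of wpad.nts2000.lan from client 10.0.0.21 failed with "non-existing domain"
Action: DNS-no-domain Reason: Server 120.64.11.10 replied "non-existing domain" Message: DNS lookup of qzkhvbtrw from client 10.0.0.21 failed with "non-existing domain"
Action: DNS-no-domain Reason: Server 120.64.11.10 replied "non-existing domain" Message: DNS lookup of xjwpmfgyad.nts2000.lan from client 10.0.0.34 failed with "non-existing domain"
Action: DNS-no-domain Reason: Server 120.64.11.10 replied "non-existing domain" Message: DNS lookup of NTS2000.nts2000.lan from client 10.0.0.34 failed with "non-existing domain"
Action: DNS-no-domain Reason: Server 120.64.11.10 replied "non-existing domain" Message: DNS lookup of files01.corp.example from client 10.0.0.50 failed with "non-existing domain"
"""

LINE_RE = re.compile(r'DNS lookup of (\S+) from client (\S+) failed with "non-existing domain"')

def classify(name, suffixes):
    """Bucket one failed name into the benign patterns named in the thread."""
    name = name.lower().rstrip(".")
    host = name
    for suffix in suffixes:
        suffix = suffix.lower()
        if name.endswith("." + suffix):
            host = name[: -len(suffix) - 1]     # part left of the DNS suffix
            if host == suffix.split(".")[0]:
                return "suffix-appended"        # e.g. NTS2000.nts2000.lan
            break
    if host == "wpad":
        return "wpad"                           # proxy auto-discovery
    if re.fullmatch(r"[a-z]{7,15}", host):
        return "random-probe"                   # heuristic: may also match real words
    return "other"                              # not explained by the patterns above

def triage(log_text, suffixes):
    """Return (Counter of categories, {client: set of unexplained names})."""
    counts, review = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        name, client = m.groups()
        category = classify(name, suffixes)
        counts[category] += 1
        if category == "other":
            review.setdefault(client, set()).add(name.lower())
    return counts, review

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, ["nts2000.lan"]))
```

Pass the DNS suffixes your clients are actually configured with as `suffixes`; the `other` bucket is the short list to check by hand.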

goback
New Contributor

Server replied "non-existing domain" for NTS2000.nts2000.lan

 

I've had the same issue and wanted to post my solution

The Wifi SSID uses WPA2 with an NPS as RADIUS server. This is a Windows server whose own Microsoft certificates are renewed sometimes. Since the same server also has a custom *.domain.lan, NPS chooses this certificate as the new certificate. -> I believe this wildcard certificate is responsible for the NTS2000.nts2000.lan DNS request

After choosing the correct certificate in NPS PEAP authentication the Wifi was back up and running
