jmny
New Contributor

Slow DNS resolution in NAT environment

We have slow DNS resolution on client machines. Disabled almost everything, but the problem persists. Disabled policies and DNS filtering.

Please help. It happens from time to time only.

J_FG_Sofia # diag sniffer packet any 'port 53' and 'host destination-ip-address' 4
interfaces=[any]
filters=[port 53]
0.319559 10.10.1.3.37916 -> 185.228.168.10.53: udp 36
0.319606 31.13.217.38.37916 -> 185.228.168.10.53: udp 36
0.431941 185.228.168.10.53 -> 31.13.217.38.37916: udp 292
0.431994 185.228.168.10.53 -> 10.10.1.3.37916: udp 292
1.012498 10.10.1.3.54763 -> 185.228.168.10.53: udp 35
1.012537 31.13.217.38.54763 -> 185.228.168.10.53: udp 35
1.147913 185.228.168.10.53 -> 31.13.217.38.54763: udp 109
1.147960 185.228.168.10.53 -> 10.10.1.3.54763: udp 109
2.184699 10.10.1.3.43578 -> 185.228.168.10.53: udp 37
2.184724 31.13.217.38.43578 -> 185.228.168.10.53: udp 37
2.359038 10.10.1.3.43270 -> 185.228.168.10.53: syn 3232741629
2.359060 31.13.217.38.43270 -> 185.228.168.10.53: syn 3232741629
2.892386 10.10.1.3.53997 -> 185.228.168.10.53: udp 33
2.892448 10.10.1.3.34421 -> 185.228.168.10.53: udp 33
2.892459 31.13.217.38.53997 -> 185.228.168.10.53: udp 33
2.892489 31.13.217.38.34421 -> 185.228.168.10.53: udp 33
2.918159 10.10.1.3.42331 -> 185.228.168.10.53: udp 36
2.918196 31.13.217.38.42331 -> 185.228.168.10.53: udp 36
2.918229 10.10.1.3.56745 -> 185.228.168.10.53: udp 36
2.918264 31.13.217.38.56745 -> 185.228.168.10.53: udp 36
3.217876 10.10.1.3.43578 -> 185.228.168.10.53: udp 37
3.217897 31.13.217.38.43578 -> 185.228.168.10.53: udp 37
4.304926 10.10.1.3.43798 -> 185.228.168.10.53: udp 43
4.304978 31.13.217.38.43798 -> 185.228.168.10.53: udp 43
4.304996 10.10.1.3.35846 -> 185.228.168.10.53: udp 43
4.305041 31.13.217.38.35846 -> 185.228.168.10.53: udp 43
4.386688 10.10.1.3.42331 -> 185.228.168.10.53: udp 36
4.386708 31.13.217.38.42331 -> 185.228.168.10.53: udp 36
4.417971 185.228.168.10.53 -> 31.13.217.38.43798: udp 59
4.418016 185.228.168.10.53 -> 10.10.1.3.43798: udp 59
4.909003 10.10.1.3.43342 -> 185.228.168.10.53: syn 4223342628
4.909023 31.13.217.38.43342 -> 185.228.168.10.53: syn 4223342628
5.124205 10.10.1.3.56437 -> 185.228.168.10.53: udp 32
5.124296 31.13.217.38.56437 -> 185.228.168.10.53: udp 32
5.124303 10.10.1.3.50715 -> 185.228.168.10.53: udp 32
5.124337 31.13.217.38.50715 -> 185.228.168.10.53: udp 32
5.174387 10.10.1.3.39651 -> 185.228.168.10.53: udp 41
5.174424 31.13.217.38.39651 -> 185.228.168.10.53: udp 41
5.174460 10.10.1.3.37242 -> 185.228.168.10.53: udp 41
5.174494 31.13.217.38.37242 -> 185.228.168.10.53: udp 41
5.303137 10.10.1.3.58830 -> 185.228.168.10.53: udp 32
5.303199 31.13.217.38.58830 -> 185.228.168.10.53: udp 32
5.315585 10.10.1.3.43578 -> 185.228.168.10.53: udp 37
5.315609 31.13.217.38.43578 -> 185.228.168.10.53: udp 37
5.382068 185.228.168.10.53 -> 31.13.217.38.50715: udp 57
5.382092 185.228.168.10.53 -> 10.10.1.3.50715: udp 57
5.418272 10.10.1.3.42331 -> 185.228.168.10.53: udp 36
5.418291 31.13.217.38.42331 -> 185.228.168.10.53: udp 36
5.688779 185.228.168.10.53 -> 31.13.217.38.43578: udp 77
5.688883 185.228.168.10.53 -> 10.10.1.3.43578: udp 77
5.690639 185.228.168.10.53 -> 31.13.217.38.56437: udp 48
5.690725 185.228.168.10.53 -> 10.10.1.3.56437: udp 48
5.725201 185.228.168.10.53 -> 31.13.217.38.58830: udp 64
5.725250 185.228.168.10.53 -> 10.10.1.3.58830: udp 64
5.752885 10.10.1.3.53997 -> 185.228.168.10.53: udp 33
5.752912 31.13.217.38.53997 -> 185.228.168.10.53: udp 33
6.128477 185.228.168.10.53 -> 31.13.217.38.53997: udp 49
6.128535 185.228.168.10.53 -> 10.10.1.3.53997: udp 49
6.449067 31.13.217.38.3435 -> 212.73.138.38.53: udp 35
6.547578 212.73.138.38.53 -> 31.13.217.38.3435: udp 144
6.623287 10.10.1.3.52512 -> 185.228.168.10.53: udp 32
6.623333 31.13.217.38.52512 -> 185.228.168.10.53: udp 32
6.869064 31.13.217.38.3435 -> 212.73.140.66.53: udp 32
6.869588 212.73.140.66.53 -> 31.13.217.38.3435: udp 48
7.482449 10.10.1.3.42331 -> 185.228.168.10.53: udp 36
7.482482 31.13.217.38.42331 -> 185.228.168.10.53: udp 36
7.760146 10.10.1.3.54457 -> 1.1.1.1.53: udp 24
7.760198 31.13.217.38.54457 -> 1.1.1.1.53: udp 24
7.760873 1.1.1.1.53 -> 31.13.217.38.54457: udp 88
7.760919 1.1.1.1.53 -> 10.10.1.3.54457: udp 88
8.097373 10.10.1.3.32919 -> 185.228.168.10.53: udp 37
8.097439 31.13.217.38.32919 -> 185.228.168.10.53: udp 37
8.099313 10.10.1.3.51893 -> 185.228.168.10.53: udp 37
8.099378 31.13.217.38.51893 -> 185.228.168.10.53: udp 37
8.225271 185.228.168.10.53 -> 31.13.217.38.51893: udp 53
8.225321 185.228.168.10.53 -> 10.10.1.3.51893: udp 53
8.249510 185.228.168.10.53 -> 31.13.217.38.32919: udp 87
AEK
Contributor III

What do you mean by slow?

According to your logs we can see that DNS-UDP responses from the public DNS take about 0.12s, which is a very acceptable speed.

AEK
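As an added example (my own code, not from any poster in this thread): a Python script that pairs the UDP/53 queries and replies in the sniffer output above by server and client source port, ignores the post-NAT duplicate of each packet, and reports how long each reply took and how many times a query was resent from the same source port before any reply arrived. Assumptions: the client's inside address is 10.10.1.3 and the input is the verbosity-4 `diag sniffer packet` format shown above.

```python
import re

# One line of FortiOS 'diag sniffer packet ... 4' output: "<ts> <src>.<sport> -> <dst>.<dport>: <proto> ..."
LINE_RE = re.compile(r"^(?P<ts>\d+\.\d+)\s+(?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
                     r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<proto>\w+)")

def pair_dns_flows(capture, inside_ip):
    """Pair UDP/53 queries with replies by (server, client source port). Only packets
    to/from inside_ip count, so the post-NAT copy of each packet is not counted twice."""
    flows, pending = [], {}
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "udp":
            continue  # header lines and TCP (syn) packets are skipped
        ts = float(m["ts"])
        if m["sip"] == inside_ip and m["dport"] == "53":
            key = (m["dip"], int(m["sport"]))
            if key not in pending:  # a repeat send on the same port before any
                pending[key] = {"server": key[0], "port": key[1],  # reply arrives
                                "sent": [], "answered_at": None}   # is a retransmission
                flows.append(pending[key])
            pending[key]["sent"].append(ts)
        elif m["dip"] == inside_ip and m["sport"] == "53":
            flow = pending.pop((m["sip"], int(m["dport"])), None)
            if flow is not None:
                flow["answered_at"] = ts
    return flows

def latency(flow, from_first=True):
    """Seconds from the first (or latest) send to the reply; None if unanswered."""
    if flow["answered_at"] is None:
        return None
    return round(flow["answered_at"] - flow["sent"][0 if from_first else -1], 6)

# Subset of the capture posted in this thread (inside host 10.10.1.3, NAT address 31.13.217.38).
SAMPLE_CAPTURE = """\
0.319559 10.10.1.3.37916 -> 185.228.168.10.53: udp 36
0.319606 31.13.217.38.37916 -> 185.228.168.10.53: udp 36
0.431941 185.228.168.10.53 -> 31.13.217.38.37916: udp 292
0.431994 185.228.168.10.53 -> 10.10.1.3.37916: udp 292
2.184699 10.10.1.3.43578 -> 185.228.168.10.53: udp 37
2.918229 10.10.1.3.42331 -> 185.228.168.10.53: udp 36
3.217876 10.10.1.3.43578 -> 185.228.168.10.53: udp 37
5.315585 10.10.1.3.43578 -> 185.228.168.10.53: udp 37
5.418272 10.10.1.3.42331 -> 185.228.168.10.53: udp 36
5.688883 185.228.168.10.53 -> 10.10.1.3.43578: udp 77
"""
if __name__ == "__main__":
    for f in pair_dns_flows(SAMPLE_CAPTURE, "10.10.1.3"):
        print(f"{f['server']}:{f['port']} sends={len(f['sent'])} latency={latency(f)}")
```

On the embedded subset, the query from port 43578 was sent three times over 3.5 s before a reply came back, and the one from port 42331 got no reply at all inside the window; that kind of intermittent loss is what a single average response time hides.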
jmny
New Contributor

During the day when client machines access DNS we see wait times. Some clients can't load a single page for minutes. Then it works. The browser shows "Resolving...".

If I open nslookup and make a lookup it takes ages to complete and sometimes doesn't give a resolved response.

And then, magically, in a few hours everything works fine.

The ISP DNS servers are fast to resolve, so it must be the Forti.

saneeshpv_FTNT

Please capture logs from the PC, the FTNT firewall and other devices, if possible simultaneously, while you face the issue. I can see that you aren't using FortiGuard DNS, and the sniffer output looks fine.

sw2090
Honored Contributor

We found that the default Fortinet DNS servers that are in FortiOS are rather slow.

So is SDNS if you use DNS filtering since it only uses US servers per default.


Setting the system DNS to e.g. Cloudflare or our ISP's DNS servers, together with setting the interface-select-method to sdwan (also for FortiGuard), enabling FortiGuard anycast and using AWS as the source, improved that a lot.


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

jmny
New Contributor

Our setup is ISP - FortiGate - UDM Pro


FortiGate runs 2000 sessions (is that a lot?)

CPU and memory look normal.

Started to disable stuff. Stopped all firewall policies, stopped social filters, stopped DNS filtering. Yet the issue keeps surfacing once or twice a week.

AEK
Contributor III

  • Do you have a DoS policy for UDP? If so, disable it and try again.
  • Do you have a traffic shaping policy?
  • Please share another diag sniffer output captured when the problem occurs. The one you shared shows no issue.
AEK