Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jmny
New Contributor

Created on ‎05-22-2023 05:01 AM

Slow DNS resolution in NAT environment

We have slow DNS resolution on client machines. Disables almost everything but problem persists. Disabled Policies and DNS filtering.

 

Please help. It happens from time to time only.

 

 

 

J_FG_Sofia # diag sniffer packet any 'port 53' and 'host destination-ip-address' 4
interfaces=[any]
filters=[port 53]
0.319559 10.10.1.3.37916 -> 185.228.168.10.53: udp 36
0.319606 31.13.217.38.37916 -> 185.228.168.10.53: udp 36
0.431941 185.228.168.10.53 -> 31.13.217.38.37916: udp 292
0.431994 185.228.168.10.53 -> 10.10.1.3.37916: udp 292
1.012498 10.10.1.3.54763 -> 185.228.168.10.53: udp 35
1.012537 31.13.217.38.54763 -> 185.228.168.10.53: udp 35
1.147913 185.228.168.10.53 -> 31.13.217.38.54763: udp 109
1.147960 185.228.168.10.53 -> 10.10.1.3.54763: udp 109
2.184699 10.10.1.3.43578 -> 185.228.168.10.53: udp 37
2.184724 31.13.217.38.43578 -> 185.228.168.10.53: udp 37
2.359038 10.10.1.3.43270 -> 185.228.168.10.53: syn 3232741629
2.359060 31.13.217.38.43270 -> 185.228.168.10.53: syn 3232741629
2.892386 10.10.1.3.53997 -> 185.228.168.10.53: udp 33
2.892448 10.10.1.3.34421 -> 185.228.168.10.53: udp 33
2.892459 31.13.217.38.53997 -> 185.228.168.10.53: udp 33
2.892489 31.13.217.38.34421 -> 185.228.168.10.53: udp 33
2.918159 10.10.1.3.42331 -> 185.228.168.10.53: udp 36
2.918196 31.13.217.38.42331 -> 185.228.168.10.53: udp 36
2.918229 10.10.1.3.56745 -> 185.228.168.10.53: udp 36
2.918264 31.13.217.38.56745 -> 185.228.168.10.53: udp 36
3.217876 10.10.1.3.43578 -> 185.228.168.10.53: udp 37
3.217897 31.13.217.38.43578 -> 185.228.168.10.53: udp 37
4.304926 10.10.1.3.43798 -> 185.228.168.10.53: udp 43
4.304978 31.13.217.38.43798 -> 185.228.168.10.53: udp 43
4.304996 10.10.1.3.35846 -> 185.228.168.10.53: udp 43
4.305041 31.13.217.38.35846 -> 185.228.168.10.53: udp 43
4.386688 10.10.1.3.42331 -> 185.228.168.10.53: udp 36
4.386708 31.13.217.38.42331 -> 185.228.168.10.53: udp 36
4.417971 185.228.168.10.53 -> 31.13.217.38.43798: udp 59
4.418016 185.228.168.10.53 -> 10.10.1.3.43798: udp 59
4.909003 10.10.1.3.43342 -> 185.228.168.10.53: syn 4223342628
4.909023 31.13.217.38.43342 -> 185.228.168.10.53: syn 4223342628
5.124205 10.10.1.3.56437 -> 185.228.168.10.53: udp 32
5.124296 31.13.217.38.56437 -> 185.228.168.10.53: udp 32
5.124303 10.10.1.3.50715 -> 185.228.168.10.53: udp 32
5.124337 31.13.217.38.50715 -> 185.228.168.10.53: udp 32
5.174387 10.10.1.3.39651 -> 185.228.168.10.53: udp 41
5.174424 31.13.217.38.39651 -> 185.228.168.10.53: udp 41
5.174460 10.10.1.3.37242 -> 185.228.168.10.53: udp 41
5.174494 31.13.217.38.37242 -> 185.228.168.10.53: udp 41
5.303137 10.10.1.3.58830 -> 185.228.168.10.53: udp 32
5.303199 31.13.217.38.58830 -> 185.228.168.10.53: udp 32
5.315585 10.10.1.3.43578 -> 185.228.168.10.53: udp 37
5.315609 31.13.217.38.43578 -> 185.228.168.10.53: udp 37
5.382068 185.228.168.10.53 -> 31.13.217.38.50715: udp 57
5.382092 185.228.168.10.53 -> 10.10.1.3.50715: udp 57
5.418272 10.10.1.3.42331 -> 185.228.168.10.53: udp 36
5.418291 31.13.217.38.42331 -> 185.228.168.10.53: udp 36
5.688779 185.228.168.10.53 -> 31.13.217.38.43578: udp 77
5.688883 185.228.168.10.53 -> 10.10.1.3.43578: udp 77
5.690639 185.228.168.10.53 -> 31.13.217.38.56437: udp 48
5.690725 185.228.168.10.53 -> 10.10.1.3.56437: udp 48
5.725201 185.228.168.10.53 -> 31.13.217.38.58830: udp 64
5.725250 185.228.168.10.53 -> 10.10.1.3.58830: udp 64
5.752885 10.10.1.3.53997 -> 185.228.168.10.53: udp 33
5.752912 31.13.217.38.53997 -> 185.228.168.10.53: udp 33
6.128477 185.228.168.10.53 -> 31.13.217.38.53997: udp 49
6.128535 185.228.168.10.53 -> 10.10.1.3.53997: udp 49
6.449067 31.13.217.38.3435 -> 212.73.138.38.53: udp 35
6.547578 212.73.138.38.53 -> 31.13.217.38.3435: udp 144
6.623287 10.10.1.3.52512 -> 185.228.168.10.53: udp 32
6.623333 31.13.217.38.52512 -> 185.228.168.10.53: udp 32
6.869064 31.13.217.38.3435 -> 212.73.140.66.53: udp 32
6.869588 212.73.140.66.53 -> 31.13.217.38.3435: udp 48
7.482449 10.10.1.3.42331 -> 185.228.168.10.53: udp 36
7.482482 31.13.217.38.42331 -> 185.228.168.10.53: udp 36
7.760146 10.10.1.3.54457 -> 1.1.1.1.53: udp 24
7.760198 31.13.217.38.54457 -> 1.1.1.1.53: udp 24
7.760873 1.1.1.1.53 -> 31.13.217.38.54457: udp 88
7.760919 1.1.1.1.53 -> 10.10.1.3.54457: udp 88
8.097373 10.10.1.3.32919 -> 185.228.168.10.53: udp 37
8.097439 31.13.217.38.32919 -> 185.228.168.10.53: udp 37
8.099313 10.10.1.3.51893 -> 185.228.168.10.53: udp 37
8.099378 31.13.217.38.51893 -> 185.228.168.10.53: udp 37
8.225271 185.228.168.10.53 -> 31.13.217.38.51893: udp 53
8.225321 185.228.168.10.53 -> 10.10.1.3.51893: udp 53
8.249510 185.228.168.10.53 -> 31.13.217.38.32919: udp 87

 

 

 

 

Labels:
1349
0 Kudos
10 REPLIES 10
saneeshpv_FTNT
Staff
Staff
In response to jmny

Created on ‎06-14-2023 04:55 AM

Dear Jmny,

 

As mentioned in my previous update please collect the packet captures from Client PC and the FortiGate simultaneously when you face issues. On the PC you can use Wireshark to capture traffic and from FGT you may enable Packet Capture in the GUI and save the file as PCAP and this can also be analyzed in Wireshark.

 

Disabling the features is not the right way to solve the problem, and if you are not able to determine anything from the capture and still suspect FGT as the cause, Please share the output here and simultaneously you may open a ticket with Fortinet Technical Support if your FGT device had valid Support Entitlement.

 

 

 

174
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.