Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fabs
New Contributor III

Created on ‎08-02-2023 05:25 AM Edited on ‎08-02-2023 05:26 AM

fortigate custom external DNS Server not reachable or high response time

Hello all,
I had generally entered 1.1.1.1 as the primary DNS server and 8.8.8.8 as the secondar DNS Server.
Since yesterday morning I had the problem that no more external addresses could be resolved, or resolved very slowly. No matter which external DNS servers I specify, I have the same problem. Server hostname I also enter. There was no change in the FortiGate.
If i ping the external DNS servers, no issues <4ms
If I use the FortiGuard servers, I do not have this problem.

 

Any ideas? Thanks in advance

fabs

Labels:
1116
0 Kudos
3 REPLIES 3
srajeswaran
Staff
Staff

Created on ‎08-02-2023 05:39 AM

Can you take a pcap of DNS traffic towards one of the servers and check the time taken? This will help us to confirm if it is external issue or Fortigate issue.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1106
0 Kudos
fabs
New Contributor III
In response to srajeswaran

Created on ‎08-02-2023 06:32 AM

Hi srajeswaran,

 

i hope this information is helpful.
custom DNS Servers are 81.90.33.11, 81.90.33.12

 

Here I use the custom DNS server directly on the Windows 10 client:
dns1.png
Here I use on Windows 10 Client the Fortigate as DNS server, which in turn uses the FortiGuard DNS servers.
dns2.png

Here I use the Fortigate as DNS server on the Windows 10 client, which in turn uses the custom DNS server.
dns3.png

1095
0 Kudos
srajeswaran
Staff
Staff
In response to fabs

Created on ‎08-02-2023 06:35 AM

Third one shows there is delay, but with this capture we don't know if the delay is between Fortigate and DNS server. Can you do the capture on fortigate interface connecting to the custom DNS server

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1092
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.