smartgate
New Contributor

FortiGate "forward traffic" Accept : DNS Error

When checking the log in the FortiGate forward traffic menu, the message Accept: DNS Error appears.

In what cases does this occur?

For Deny : DNS Error, we know that the DNS Error can be caused by problems such as incorrect responses from the DNS server.

But how should we understand Accept?

The DNS server is an internal server, and is currently causing problems when using certain services.

 

AEK
SuperUser

I guess your DNS server is responding with an error message, and FortiGate policy is just accepting this response, and FortiGate could read in the DNS response that it is actually a DNS error message.

It's like when FortiGate accepts a valid response from the DNS server.

So I guess the DNS response that contains an error message is from the server and has nothing to do with FortiGate.

AEK
smartgate
New Contributor

Thank you for your reply.

I checked the traffic through debug, but found nothing unusual. But let's check again through Wireshark.

 

dingjerry_FTNT

Hi @smartgate ,

 

There is an article outside of Fortinet Community that explains it well:

https://www.brg.ch/fortigate-deny-dns-error-2/

 

And there is also a Fortinet KB about it:

https://community.fortinet.com/t5/FortiGate/Technical-Note-Deny-DNS-error-and-Deny-IP-connection-err...

Regards,

Jerry
smartgate

Thank you for your reply, but you didn't read my post properly.

I already know that, and what I'm curious about is Accept:DNS Error, not Deny:DNS Error.

dingjerry_FTNT

Hi @smartgate ,

 

It's the same thing about the "DNS Error" part. The "Accept" part means the traffic is accepted by the firewall policy.

Regards,

Jerry
AEK
SuperUser

On your client host, what do you get when you try an nslookup query?

Does a valid response generate the same DNS Error log in the FGT traffic log?

Also, on your DNS server, try checking the DNS logs to see if you can find any error log associated with the mentioned error.

AEK
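
To test AEK's guess that the DNS server itself is answering with an error, this added example (not part of the thread and not a Fortinet tool) reads the RCODE field from raw DNS message bytes, such as a UDP payload copied out of a Wireshark capture. The sample messages and the `internal.example` names are constructed for illustration.

```python
import struct

# RCODE names from RFC 1035, section 4.1.1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}

def read_qname(msg, off=12):
    """Decode the uncompressed question name that follows the 12-byte header."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated question name")
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels) or "."
        if n & 0xC0 or off + n > len(msg):
            raise ValueError("bad label length or unexpected pointer")
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def summarize(msg):
    """Return id, direction, RCODE name and question name of one DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!3H", msg[:6])
    rcode = RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))
    is_response = bool(flags & 0x8000)  # QR bit
    return {"id": txid, "response": is_response, "rcode": rcode,
            "qname": read_qname(msg) if qdcount else None,
            "error": is_response and rcode != "NOERROR"}

def build(txid, flags, name):
    """Constructed sample: header plus one A/IN question, no records."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return struct.pack("!6H", txid, flags, 1, 0, 0, 0) + q + struct.pack("!2H", 1, 1)

# Constructed sample traffic: one query, then three server responses.
SAMPLES = [build(1, 0x0100, "app.internal.example"),      # query
           build(1, 0x8182, "app.internal.example"),      # SERVFAIL
           build(2, 0x8183, "missing.internal.example"),  # NXDOMAIN
           build(3, 0x8180, "ok.internal.example")]       # NOERROR

def error_responses(messages):
    """List (qname, rcode) for every response whose RCODE is not NOERROR."""
    return [(s["qname"], s["rcode"]) for s in map(summarize, messages) if s["error"]]

if __name__ == "__main__":
    for qname, rcode in error_responses(SAMPLES):
        print(qname, rcode)
```
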