We have 2 x internal DNS servers servicing internal clients. All web traffic to *.com, *.co.za and other domains is accessed fine; however, *.org.za websites are not reachable.
Error from any web browser:
DNS_PROBE_FINISHED_NXDOMAIN
If we manually change the primary dns server to an 8.8.8.8, *.org.za websites resolve. Would this be a configuration error on the 100F firewall not allowing top level domains?
Thank you in advance,
Hi,
No, this most probably is a configuration issue in how you set up DNS. The DNS server to which the request was sent does not 'know' about this domain, nor which next higher-up DNS server to ask.
I do not know your objectives but I assume you want your clients to resolve internal and external names.
You've got 2 internal DNS, and the FGT.
Then,
1- the internal DNS resolves internal names (authoritative) for all clients (NOT for the FGT)
2- internal DNS forwards external requests to FGT LAN address (see step 4) -- not to any external, public DNS!
3- FGT has ISP DNS (which would be best, but in general any public DNS) as "System DNS"
4- FGT offers a DNS service on LAN, type "forward to System DNS"
5- FGT will answer external requests but not internal ones - so clients should never ask the FGT
6- in fact, all DNS requests to WAN are blocked by a policy
This is my "best practice" setup for DNS. Only the FGT does external DNS resolution, and it knows the ISP's DNS addresses by protocol (PPPoE or DHCP, statically at a pinch). You can easily check whether you trust this external source, and it prohibits your clients from using random, potentially insecure external DNS.
Apart from this security aspect, the FGT DNS offers the benefit of caching requests, thus reducing the "external footprint". Just imagine "google.com" being resolved only once per TTL, instead of 1000s of times.
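The six steps above, written out as FortiOS CLI. This is an added example, not configuration from the original post or from Fortinet documentation. Interface names ("internal", "wan1"), the ISP resolver addresses (203.0.113.53/54, documentation range) and the policy ID are assumptions; adjust them to your environment. The internal DNS servers themselves (step 2) are configured on the DNS server product, not the FGT: point their forwarders at the FGT's LAN address and nothing else.

```fortios
# Step 3: the FGT's own System DNS points at the ISP resolvers.
# If wan1 learns DNS via DHCP or PPPoE, leave the interface's
# "dns-server-override enable" default in place and skip the static
# entries below; the learned addresses then become the System DNS.
config system dns
    set primary 203.0.113.53
    set secondary 203.0.113.54
end

# Step 4: offer a DNS service on the LAN interface that only forwards
# to System DNS ("forward-only" is the CLI name for the GUI's
# "Forward to System DNS"). The FGT answers no zones itself, so it
# never claims authority for your internal names (step 5).
config system dns-server
    edit "internal"
        set mode forward-only
    next
end

# Step 6: deny client DNS straight to the Internet. Place this policy
# above any general internal->wan1 allow rule; policies are matched
# top-down. The FGT's own resolver traffic is local-out and is not
# subject to firewall policies, so its System DNS lookups still work.
config firewall policy
    edit 10
        set name "Block-client-DNS-to-WAN"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "DNS"
        set action deny
        set schedule "always"
        set logtraffic all
    next
end
```

Check the result from a client: a lookup for an external name against the internal DNS should succeed (internal DNS, then FGT, then ISP), while the same lookup sent directly to 8.8.8.8 should time out and appear in the deny policy's log. Two caveats: the predefined "DNS" service covers TCP/UDP 53 only, so DNS over HTTPS on 443 bypasses this rule and needs application control or a DNS filter to catch; and if the ISP resolvers in step 3 themselves fail to resolve a zone (the NXDOMAIN in the original question), the FGT will faithfully forward that failure, so test a known-good name against the System DNS before switching clients over.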
First, check your internet connection to ensure it is stable. Then, clear your browser cache and restart the browser. If the issue persists, flush the DNS cache by using the appropriate command in the command prompt or terminal. Changing your DNS servers to providers like Google DNS or OpenDNS may also help. Additionally, disable any VPN or proxy services you're using and restart your router. If none of these steps work, it may be necessary to contact the website administrator or your internet service provider for further assistance.
Copyright 2024 Fortinet, Inc. All Rights Reserved.