Created on 05-30-2019 11:33 AM
Analyzing the logs on my WLAN, I see hundreds of repeated error messages. Failure details:
Action: DNS-no-domain Reason: Server 220.127.116.11 replied "non-existing domain" Message: DNS lookup of from client failed with "non-existing domain"
This type of error is displayed for all APs. In "Reason" the IP varies a bit. Any idea what that might be?
Created on 10-20-2021 05:52 AM
Hello, I have the same problem as you, andre.amaro. I see these logs in my FortiGate/Logs/WiFi Events. Did you or anyone else find the resolution? With support I hid these logs on my FortiGate to avoid so many entries in my FortiAnalyzer. But I still think I have problems with my WiFi clients, and I think these logs are the problem. Regards, Guillaume
Can you share some of the DNS entries which are reported for this?
It can just be that the client is requesting non-existing hostnames.
I believe that it is because, for some reason, for the WiFi the FortiGate logs the failed DNS requests; it doesn't do this on the LAN side.
Looking at your screenshot, the main cause is that NTS2000.nts2000.lan host. Do your WiFi clients have an internal DNS server configured which should resolve this hostname? Or do they have an external one which can't understand this hostname?
Well, I have 2 DNS servers with the nts2000.lan domain, for example:
1 site A
1 site B
So a client can request locally (site 1) and sometimes from the other site (site 2) over IPsec VPN. The DNS servers are on Windows servers and not on the FortiGate.
But when a client asks for a DHCP IP from the FortiGate, it gets the correct local IP of the primary DNS server and the secondary at the remote site.
These DNS data are collected by the FAP and reported to the FGT, which generates these logs. They are wireless related logs.
>>So a client can request at local (site1) and sometimes to the other site (site2) over IPsec VPN.
Could each DNS server support all local host names? Or does it contain only part of them? If it is the latter case, try to add all local names to it.
@Boneyard Yes, all my clients can resolve the domain "nts2000.lan". But in the example I don't have a machine called "nts2000".nts2000.lan. And this is the case for all other entries in my logs:
None of those above match a device in my group.
@yzhang_FTNT Yes, all my DNS servers support each device on my LAN. These servers are synchronized between them every 15 minutes. But in the logs it's indicated that it's the DNS server which answers that the domain is non-existent:
Or else the FortiGate / FortiAP misidentifies the devices and sends incorrect data to the DNS server. Maybe that explains the weird name resolutions above.
Regards, MOREAU Guillaume
The FAP just sniffs the DNS packets, and it does not modify them.
>> Server X.X.X.X replied "non-existing domain".
The above log is generated for the DNS server response message to a query with reply code 3 (no such name).
You can use Wireshark to sniff the client DNS traffic that leaves the AP to see whether the queries come from the clients. Or you can just do the sniff on the wireless client if that is doable.
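To make the reply-code point concrete, the following added example (not code from the thread or from Fortinet) parses the DNS header and question section of a server reply, reads the 4-bit RCODE, and reports the same "DNS-no-domain" event the FortiAP logs when RCODE is 3 (NXDOMAIN). The two packets, the host name `nts2000.nts2000.lan` and the 192.0.2.x server/client addresses are constructed sample data, not captured traffic; the `build_reply` helper exists only to produce them. A successful reply (RCODE 0 with an answer) is deliberately not reported, matching the behaviour described above.

```python
import struct

# DNS reply codes from the 4-bit RCODE field in the header (RFC 1035, section 4.1.1).
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_qname(name):
    """Encode a dotted hostname as DNS labels (used only to build the sample packets)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_qname(data, offset):
    """Decode labels starting at offset; returns (dotted name, offset after the name)."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:
            # Compression pointer (RFC 1035, section 4.1.4): follow it, then stop;
            # the pointer itself occupies two bytes.
            pointer = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            tail, _ = decode_qname(data, pointer)
            labels.append(tail)
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def parse_dns_message(data):
    """Parse the 12-byte header and the first question of a DNS message."""
    ident, flags, qdcount, ancount, nscount, arcount = struct.unpack_from("!HHHHHH", data, 0)
    qname, offset = decode_qname(data, 12) if qdcount else ("", 12)
    qtype, qclass = struct.unpack_from("!HH", data, offset) if qdcount else (0, 0)
    rcode = flags & 0x000F
    return {
        "id": ident,
        "is_response": bool(flags & 0x8000),  # QR bit: 1 = reply from server
        "rcode": rcode,
        "rcode_name": RCODE_NAMES.get(rcode, f"RCODE{rcode}"),
        "qname": qname,
        "qtype": qtype,
        "answers": ancount,
    }


def classify_reply(server_ip, client_ip, data):
    """Return the event a DNS sniffer would log for a server reply, or None when the
    packet is a query or a successful answer (only the failure is reported)."""
    msg = parse_dns_message(data)
    if not msg["is_response"] or msg["rcode"] != 3:
        return None
    return {
        "action": "DNS-no-domain",
        "reason": f'Server {server_ip} replied "non-existing domain"',
        "message": f'DNS lookup of {msg["qname"]} from client {client_ip} failed with "non-existing domain"',
    }


def build_reply(ident, rcode, qname, a_record=None):
    """Build a minimal DNS reply (QR=1, RD=1, RA=1) for the constructed samples below."""
    flags = 0x8180 | (rcode & 0xF)
    header = struct.pack("!HHHHHH", ident, flags, 1, 1 if a_record else 0, 0, 0)
    question = encode_qname(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    answer = b""
    if a_record:
        # Name as a pointer to offset 12 (the question), type A, class IN, TTL 300, 4-byte RDATA.
        answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4)
        answer += bytes(int(octet) for octet in a_record.split("."))
    return header + question + answer


# Constructed sample replies (not captured traffic) using the host name from the thread.
NXDOMAIN_REPLY = build_reply(0x1234, 3, "nts2000.nts2000.lan")
NOERROR_REPLY = build_reply(0x1235, 0, "fileserver.nts2000.lan", a_record="10.0.0.20")

if __name__ == "__main__":
    for packet in (NXDOMAIN_REPLY, NOERROR_REPLY):
        print(parse_dns_message(packet)["rcode_name"], classify_reply("192.0.2.53", "192.0.2.10", packet))
```

Running the script prints one line per sample: the NXDOMAIN reply produces the "DNS-no-domain" event with the queried name filled in, while the NOERROR reply yields None. Feeding real reply bytes from a Wireshark capture (the UDP payload) into `classify_reply` shows which names the clients actually asked for, which is the question the thread is trying to answer.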