Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AlbertMin
New Contributor II

Created on ‎10-21-2022 08:10 AM Edited on ‎10-21-2022 08:13 AM

DNS Name Resolution does not work for all internal zones (IOS)

Hello,

 

we have a Fortigate v7.0.7 and we dial into the company via vpn from Windows, Mac, Android, iPad, iPhone.

An internal dns server is specified in the ssl vpn settings. There are different zones/domains in our internal DNS.

For example:

myfirma.lo (that's the name from our internal AD)

somethingother.de

test.blubber

...

If we make an vpn-connection (with FortiClient) from Windows, Mac or Android, all these zones/domains can be resolved to ip addresses. I test that with ping or nslookup.

For example:

ping hosta.myfirma.lo

ping hostb.somethingother.de

ping testhost.test.blubber

...

No matter what I take, I get an ip address back everywhere.

 

From iPad and iPhone (also with FortiClient) just the zone myfirma.lo works. All other zones/domains cannot be resolved.

If I ping, for example

ping testhost.test.blubber 

I get "Can't resolve host"

 

So I think, that's a problem with IOS.

 

What can I do?

 

Thank you

Greetings

AlbertMin

Labels:
15171
0 Kudos
1 Solution
AlbertMin
New Contributor II
In response to AlbertMin

Created on ‎10-27-2022 11:53 PM

The solution is to store DNS suffixes in the SSL VPN settings. Only works via CLI:
config vpn ssl settings
set dns suffix myfirma.lo;somethingother.de

View solution in original post

15147
4 REPLIES 4
AlbertMin
New Contributor II

Created on ‎10-23-2022 01:58 AM

Extra information:

I found out with a packet filter, that no DNS-request are sent into the tunnel, except for the domain myfirma.lo.

And myfirma.lo is, as I said, the name of our internal windows domain.

That can not be a coincidence.

 

And again, as I mentioned before, this only applies to ios (iPad, iPhone). With Windows/Android/Mac everything works as desired.

 

Regards.

AlbertMin

15154
0 Kudos
AlbertMin
New Contributor II
In response to AlbertMin

Created on ‎10-27-2022 11:53 PM

The solution is to store DNS suffixes in the SSL VPN settings. Only works via CLI:
config vpn ssl settings
set dns suffix myfirma.lo;somethingother.de

15148
balinttoth-gnssys
New Contributor
In response to AlbertMin

Created on ‎03-26-2024 04:23 AM

Thanks! Worked for us also :)

8449
0 Kudos
andreacostanzo
New Contributor

Created on ‎10-08-2024 08:06 AM

hello, I had solved it using this suggested 'workaround', but now that iOS has released version 18, it is happening again in Safari. Has anyone experienced the same problem and found a solution?

4326
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.