Rise Company
15-05-2020, 10:55
حل مشكلة الدي ان اس لا يعمل DNS resolution فى الفورتي جيت FortiGate
DNS resolution not working when DNS Server configured to 'Same as Interface IP'
Deny: DNS error - Many entries "Deny:DNS Error" in Forward traffic log
DNS Error on Fortigate - Slow DNS resolution due to DNS Filter
DNS filter - A rating error occurs - all Fortiguard SDNS servers failed to respond
FortiGate DNS queries can fail
https://www.rise.company/forum/images/imported/2020/05/34.jpg
شركة فورتي جيت تنصح بتغيير DNS الاساسى الخاص بها باخر مثل 8.8.8.8
او استخدام Local الخاص بك من Internet Service Provider
حيث الافتراضى هيسبب ضعف و تقطع فى dns فهو غير مخصص للتصفح ولكن له استخدامات اخري
لذا قم بتغييرها ثم هيا بنا نحل مشكلة DNS Error" in Forward traffic log
ان الدى ان اس على Switch Interface على سبيل المثال 192.168.1.1 لا يعطى انترنت اى DNS
حيث انه يجب ان تفعيل DNS Server من داخل الفورتي جيت ثم تسمح لهذا Interface بعمل ايضا DNS
If you do not change your FortiGate unit default DNS configuration, FortiGate-initiated DNS queries can fail.
DNS queries that fail can cause address resolution problems and can also cause the FortiGate unit and FortiGuard AntiSpam to identify legitimate email as spam.
FortiOS on all FortiGate units includes a default DNS configuration. Most users should change this default configuration to avoid DNS lookup failures.
The default FortiGate DNS configuration assists with resolving FortiGuard Service addresses and for other DNS requirements during the installation of your FortiGate unit.
https://www.rise.company/forum/images/imported/2020/05/35.jpg
This article provides a solution to DNS resolution not working
when DNS Server is configured to "Same as Interface IP".
DNS resolution can be seen to fail.
https://www.rise.company/forum/images/imported/2020/05/36.jpg
Solution
Enable the DNS Database Feature.
https://www.rise.company/forum/images/imported/2020/05/37.jpg
Configure a DNS Server for the interface that DNS requests will be sent to.
Set the mode to "Forward to System DNS".
https://www.rise.company/forum/images/imported/2020/05/38.jpg
DNS resolution can now be seen to be successful.
https://www.rise.company/forum/images/imported/2020/05/39.jpg
المرجع:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40580
https://forum.fortinet.com/tm.aspx?m=148090
https://forum.fortinet.com/tm.aspx?m=157701
https://forum.fortinet.com/tm.aspx?m=155134
https://forum.fortinet.com/tm.aspx?m=157361
https://forum.fortinet.com/tm.aspx?m=139287
https://forum.fortinet.com/tm.aspx?m=138190
DNS resolution not working when DNS Server configured to 'Same as Interface IP'
Deny: DNS error - Many entries "Deny:DNS Error" in Forward traffic log
DNS Error on Fortigate - Slow DNS resolution due to DNS Filter
DNS filter - A rating error occurs - all Fortiguard SDNS servers failed to respond
FortiGate DNS queries can fail
https://www.rise.company/forum/images/imported/2020/05/34.jpg
شركة فورتي جيت تنصح بتغيير DNS الاساسى الخاص بها باخر مثل 8.8.8.8
او استخدام Local الخاص بك من Internet Service Provider
حيث الافتراضى هيسبب ضعف و تقطع فى dns فهو غير مخصص للتصفح ولكن له استخدامات اخري
لذا قم بتغييرها ثم هيا بنا نحل مشكلة DNS Error" in Forward traffic log
ان الدى ان اس على Switch Interface على سبيل المثال 192.168.1.1 لا يعطى انترنت اى DNS
حيث انه يجب ان تفعيل DNS Server من داخل الفورتي جيت ثم تسمح لهذا Interface بعمل ايضا DNS
If you do not change your FortiGate unit default DNS configuration, FortiGate-initiated DNS queries can fail.
DNS queries that fail can cause address resolution problems and can also cause the FortiGate unit and FortiGuard AntiSpam to identify legitimate email as spam.
FortiOS on all FortiGate units includes a default DNS configuration. Most users should change this default configuration to avoid DNS lookup failures.
The default FortiGate DNS configuration assists with resolving FortiGuard Service addresses and for other DNS requirements during the installation of your FortiGate unit.
https://www.rise.company/forum/images/imported/2020/05/35.jpg
This article provides a solution to DNS resolution not working
when DNS Server is configured to "Same as Interface IP".
DNS resolution can be seen to fail.
https://www.rise.company/forum/images/imported/2020/05/36.jpg
Solution
Enable the DNS Database Feature.
https://www.rise.company/forum/images/imported/2020/05/37.jpg
Configure a DNS Server for the interface that DNS requests will be sent to.
Set the mode to "Forward to System DNS".
https://www.rise.company/forum/images/imported/2020/05/38.jpg
DNS resolution can now be seen to be successful.
https://www.rise.company/forum/images/imported/2020/05/39.jpg
المرجع:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD40580
https://forum.fortinet.com/tm.aspx?m=148090
https://forum.fortinet.com/tm.aspx?m=157701
https://forum.fortinet.com/tm.aspx?m=155134
https://forum.fortinet.com/tm.aspx?m=157361
https://forum.fortinet.com/tm.aspx?m=139287
https://forum.fortinet.com/tm.aspx?m=138190