Fortigate 100D Fortios 5.4.1 Deny: DNS error

Showing page 2 of 2
tmazowski
Re: Fortigate 100D Fortios 5.4.1 Deny: DNS error 2017/03/22 08:00:23
lmccuistian
I'm having the same issue on my Fortigate 100E FortiOS 5.4.4. I tried deleting the session helper, without luck (but it didn't seem to hurt anything either). I also verified my DNS Source IP is 0.0.0.0 already too.
 
@MikePruett, you stated you created some new security sensors. Are you saying you created new security profiles (AV, Web Filter, App Control, etc.) across the board, or just for the ones that are tied to a policy for DNS traffic?
lmccuistian - what are you using for system DNS? If you have private DNS servers set there, try switching them to FortiGuard or public DNS to see if it helps. We typically have that set up, and then use internal DNS for any DHCP scopes running on the FortiGate.
#21
lmccuistian
Re: Fortigate 100D Fortios 5.4.1 Deny: DNS error 2017/03/22 12:33:05
I tried that, but no luck there either.  Still logging Deny: DNS Errors and also Deny: IP Connection Errors.
 
On my other Fortigate devices I typically have the primary DNS set to an internal DNS and secondary set to external.  The primary reason for this is so that in my logs, it will resolve internal hostnames.
#22
MikePruett
Re: Fortigate 100D Fortios 5.4.1 Deny: DNS error 2017/03/23 08:44:13
On one of the Gates that I was experiencing this issue with I had to recreate profiles for my security functions. It's as though the originals were corrupt post update.
#23
lmccuistian
Re: Fortigate 100D Fortios 5.4.1 Deny: DNS error 2017/03/24 08:31:19
I was using the default security profiles that ship with the unit, just had modified them a bit to meet my needs. But I just tried as you suggested and created brand new profiles for AV, Webfilter, App Control, Proxy, and Certificate Inspection and applied the new ones to every policy that is using them, but it made no change for me. I'm getting nothing but Deny: IP connection errors in my log.
#24
dlopez
Re: Fortigate 100D Fortios 5.4.1 Deny: DNS error 2017/05/05 01:48:49
Hello,
Same errors with same device and same OS.
Did you fix the issue?
Thanks
Regs
#25
lmccuistian
Re: Fortigate 100D Fortios 5.4.1 Deny: DNS error 2017/05/05 04:08:54
Sorry, I didn't update this thread sooner. I think I found the solution to my problem. It seems the log severity was set much higher than it should have been. I set the log severity to informational by using the commands below, and now I have a usable log.

config log mem filter
set severity information
end
#26
OGIGuy
Re: Fortigate 100D Fortios 5.4.1 Deny: DNS error 2017/05/18 08:10:58
FWIW, I just installed a Fortigate 200D with FortiOS 5.4.4. About 30% of the DNS requests were getting the DNS Error message. Deleting the DNS session-helper seems to have eliminated all the DNS error messages. Throughput greatly improved.
Thanks for the fix, gsarica and FortiSupport.
#27
live89
Re: Fortigate 100D Fortios 5.4.1 Deny: DNS error 2020/09/22 06:02:04
I have the same situation where we have FML behind FGT, and in FAZ we see lots of "Deny: DNS error" and "IP connection error" from the FML source IP.
I tried deleting the DNS session-helper but that didn't help.
And in FML system events we see:
 
UDP DNS response is truncated, try DNS query in TCP (happened 115900 time(s)), DNS question section:{name=yahoo.com, qtype=16, class="1"}
 
Not really sure what to do.

Thanks
#28
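The FortiMail event quoted in the post above ("UDP DNS response is truncated, try DNS query in TCP") describes standard resolver behaviour: a UDP reply whose answer did not fit arrives with the TC (truncated) header bit set, and the client is expected to repeat the identical question over TCP, where each message is prefixed with a 2-byte length. The following Python block is an added illustration of that exchange and is not code from this thread, from Fortinet, or from any of the devices discussed. The query name yahoo.com and qtype 16 (TXT) are taken from the event text; all packets are constructed inline, and the `fake_udp` / `fake_tcp` transports are stand-ins for real sockets so the example runs offline.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1).
FLAG_QR = 0x8000  # 1 = this message is a response
FLAG_TC = 0x0200  # 1 = response was truncated (did not fit the transport)
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available
RCODE_MASK = 0x000F

QTYPE_TXT = 16  # qtype=16 in the FortiMail event is a TXT query
QCLASS_IN = 1   # class="1" in the event is the IN class


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal recursive query: 12-byte header plus one question."""
    header = struct.pack(">HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, QCLASS_IN)


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header; reject anything too short to be DNS."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    return {
        "id": txid,
        "is_response": bool(flags & FLAG_QR),
        "truncated": bool(flags & FLAG_TC),
        "rcode": flags & RCODE_MASK,
        "qdcount": qd,
        "ancount": an,
    }


def needs_tcp_retry(udp_response: bytes) -> bool:
    """True when a UDP reply carries TC=1: the answer did not fit, so the same
    question must be re-sent over TCP to obtain the complete response."""
    h = parse_header(udp_response)
    return h["is_response"] and h["truncated"]


def tcp_frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with its 2-byte big-endian length."""
    return struct.pack(">H", len(msg)) + msg


def resolve_with_fallback(query: bytes, udp_send, tcp_send) -> tuple:
    """Send over UDP first; on a truncated reply, repeat the identical query
    over TCP and strip the length prefix from the answer.  udp_send and
    tcp_send are injected transports (hypothetical, for offline use)."""
    reply = udp_send(query)
    if needs_tcp_retry(reply):
        framed = tcp_send(tcp_frame(query))
        (length,) = struct.unpack(">H", framed[:2])
        return "tcp", framed[2:2 + length]
    return "udp", reply


# --- Constructed sample traffic; nothing below was captured from a real device ---
QUERY = build_query("yahoo.com", QTYPE_TXT)

# UDP reply with QR, TC, RD and RA set, the question echoed, and no answers:
# the shape a resolver returns when the RRset will not fit in the UDP reply.
TRUNCATED_REPLY = (
    struct.pack(">HHHHHH", 0x1234, FLAG_QR | FLAG_TC | FLAG_RD | FLAG_RA, 1, 0, 0, 0)
    + QUERY[12:]
)

# Complete reply as returned over TCP: TC clear, one constructed TXT record
# ("test", using a compression pointer 0xC00C back to the question name).
_ANSWER = b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_TXT, QCLASS_IN, 300, 5) + b"\x04test"
FULL_REPLY = (
    struct.pack(">HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0)
    + QUERY[12:]
    + _ANSWER
)


def fake_udp(query: bytes) -> bytes:
    """Stand-in UDP transport that always truncates."""
    return TRUNCATED_REPLY


def fake_tcp(framed_query: bytes) -> bytes:
    """Stand-in TCP transport that returns the full, length-framed reply."""
    return tcp_frame(FULL_REPLY)


if __name__ == "__main__":
    transport, reply = resolve_with_fallback(QUERY, fake_udp, fake_tcp)
    print(transport, parse_header(reply))
```

A client that never performs this retry (or a path that drops TCP/53 between the client and its resolver) is left with only the truncated UDP answer, which is the condition the FortiMail counter in the event is tallying; checking that TCP/53 is permitted between the FML and its configured DNS servers is the first thing to verify when that counter climbs.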