Topic Thread

Next Generation Firewall (NGFW)

 View Only
Expand all | Collapse all

How do I test if Firewall is blocking DNS forwarding?

  • 1.  How do I test if Firewall is blocking DNS forwarding?

    Posted Feb 14, 2018 04:22 AM

    I'm setting up a network for about 50 users.  I configured a domain controller and DNS on the same server.  I have successfully joined my computer on the new domain but I am having trouble accessing most domains on the internet.  Our company domain website is hosted externally and I have an A record in the forward look up zone on our DNS server, so it find it and it works just fine.  I can also get to speedtest.org, but nothing else.  

    Locally, I have set my IP and DNS setting manually to internal DNS server and firewall.  On the DNS server, I set the IP address to 127.0.0.1 and checked the DNS forwarders and everything appears to be set correctly according to the many articles and forums I have checked.

    I also tested by manually setting my local DNS server to external DNS servers, like Comcast, but I get the same results.  I'm starting to think that the firewall is blocking this traffic.  Is there a way to test this?

    - PR



  • 2.  RE: How do I test if Firewall is blocking DNS forwarding?

     
    Posted Feb 17, 2018 06:12 AM

    Check the Fortigate logs, if anything is blocked it should be displayed there.

    You can also do a debug.

    Rony Moussa

    NSE Certified : Level 8



  • 3.  RE: How do I test if Firewall is blocking DNS forwarding?

    Posted Feb 21, 2018 01:39 PM

    Hi Paul

    If you find nothing in the log, you can use

    • packet captures, on WAN interface, with a filter on forwarders. 
      Do you see outgoing DNS requests ?  and incoming responses ?
    • diagnose debug flow with filter.


  • 4.  RE: How do I test if Firewall is blocking DNS forwarding?

    This message was posted by a user wishing to remain anonymous
    Posted Jul 05, 2018 12:43 AM

    Most essay writers UK touch confused by your question. does one need to forward AN universal resource locator so once individuals visit WWW.yourdomain.com, they see another website? If this is often what you are looking for then you wish to line up an internet forward (URL forward). this could be finished a straightforward airt so WWW.yourdomain.com changes to WWW.theotherdomain.com within the address bar.