Next Generation Firewall (NGFW)


Queried FQDN ip becomes 208.91.112.55

  • 1.  Queried FQDN ip becomes 208.91.112.55

    Posted 19 days ago
    Hi,

    When we do nslookup, we always get an answer where the FQDN's IP address is changed to 208.91.112.55.
    Could it be that DNS filtering is messing with the DNS response where a rule/policy matched the query?

    Thanks!



  • 2.  RE: Queried FQDN ip becomes 208.91.112.55

    Posted 19 days ago
    That is the IP address of the FortiGuard "Redirect Portal" used by DNS filtering.  If the FQDN is in a blocked category, the FortiGate will rewrite the DNS response to this IP address.
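
An added example (not part of the original posts): a triage script that parses nslookup output and lists the names whose answer is the redirect portal address given in the reply above, while keeping the resolver's own Server/Address header out of the answers. The sample output, hostnames and documentation-range IPs are constructed, and the parser assumes the usual Windows or Linux nslookup layout.

```python
import ipaddress

# Redirect portal address as stated in the thread.
REDIRECT_PORTAL = ipaddress.ip_address("208.91.112.55")

# Constructed nslookup output (hypothetical names, documentation-range IPs).
SAMPLE = """\
Server:  resolver.example.internal
Address:  192.0.2.1

Non-authoritative answer:
Name:    blocked.example.com
Address:  208.91.112.55

Server:  resolver.example.internal
Address:  192.0.2.1

Non-authoritative answer:
Name:    allowed.example.org
Addresses:  2001:db8::10
          198.51.100.10
"""

def _ip(token):
    """Parse an IP, dropping a '#53' port suffix (Linux nslookup); None if not an IP."""
    try:
        return ipaddress.ip_address(token.strip().split("#")[0])
    except ValueError:
        return None

def parse_answers(text):
    """Return {queried name: [answer IPs]}; the resolver's own address is skipped."""
    answers, name = {}, None
    for line in text.splitlines():
        bare = _ip(line)  # bare IP line = continuation of an "Addresses:" list
        key, _, value = line.partition(":")
        key = key.strip().lower()
        if bare is not None:
            if name:
                answers[name].append(bare)
        elif key == "server":
            name = None  # a new lookup starts; its Address line is the resolver
        elif key == "name":
            name = value.strip().rstrip(".").lower()
            answers.setdefault(name, [])
        elif key in ("address", "addresses") and name and _ip(value) is not None:
            answers[name].append(_ip(value))
    return answers

def rewritten(text, portal=REDIRECT_PORTAL):
    """Names whose answers include the redirect portal address."""
    return sorted(n for n, ips in parse_answers(text).items() if portal in ips)
```

Calling `rewritten()` on captured output for a batch of lookups shows which names come back as the portal address and which resolve normally.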


  • 3.  RE: Queried FQDN ip becomes 208.91.112.55

    Posted 18 days ago
    If a DNS filtering profile is not applied to a policy, this will not be used, right?


  • 4.  RE: Queried FQDN ip becomes 208.91.112.55

    Posted 18 days ago
    Correct.  The profile would need to be applied to a policy.  Otherwise, the FortiGate will pass DNS requests through unaltered.  The only other way DNS would be altered would be a static translation but it seems highly unlikely there would be a static translation to FortiGuard's redirect portal.


  • 5.  RE: Queried FQDN ip becomes 208.91.112.55

    Posted 18 days ago
    I see. Can you tell me more about static translation and where it is applied? How do I check it?


  • 6.  RE: Queried FQDN ip becomes 208.91.112.55

    Posted 17 days ago
    From the CLI, go to "config firewall dnstranslation" and do "show".  Starting in (I believe) 6.2, static DNS translations can also be configured from the GUI under the DNS Filter security profile.


  • 7.  RE: Queried FQDN ip becomes 208.91.112.55

    Posted 17 days ago
    Could an expired license cause DNS translation to the redirect portal 208.91.112.55?


  • 8.  RE: Queried FQDN ip becomes 208.91.112.55

    Posted 13 days ago
    I know expired services can end up blocking web access, although it's inconsistent in my experience.  I'm not sure what effect expired services would have on traffic with a DNS Security Profile configured.