**How to resolve hostnames using DNS servers**

**Products:** FortiGate v6.0, FortiGate v6.2, FortiGate v6.4

**Description:** This article describes how hostnames (A records in this example) are resolved using the DNS servers configured on the FortiGate.

**Solution:** The screenshot below is taken from Network -> DNS. The FortiGate is using the FortiGuard servers along with dynamically obtained DNS servers (from the ISP) as DNS servers.

{{:fortinet:configuration:fortinet1.png?400|}}

To find which DNS server the FortiGate uses to resolve a hostname, run the packet sniffer and the dnsproxy debug together.

In a separate window, an ICMP echo request has been sent to 'www.amsterdam.com'. The sniffer shows that the DNS query was sent to the FortiGuard DNS server 208.91.112.53 on port 53 (the sniffer prints address and port together as 208.91.112.53.53) to resolve the hostname into an IP address.

**FGT # diagnose sniffer packet any "port 53" 4 0 a**
interfaces=[any]
filters=[port 53]
2020-09-02 17:31:24.657517 wan1 out 192.168.0.230.1367 -> 208.91.112.53.53: udp 35
2020-09-02 17:31:24.763335 wan1 in 208.91.112.53.53 -> 192.168.0.230.1367: udp 268
2 packets received by filter
0 packets dropped by kernel

**FGT # diag debug application dnsproxy -1**
**FGT # diag debug console timestamp enable**
**FGT # diag debug enable**

2020-09-02 10:38:39 [worker 0] batch_on_read()-2857
2020-09-02 10:38:39 [worker 0] unix_receive_request_stub()-2783
2020-09-02 10:38:39 [worker 0] unix_receive_request_stub()-2814: vd-0:0 received a req with 35 bytes (non_block=0 non_cache=0)
2020-09-02 10:38:39 [worker 0] handle_dns_request()-1778: id:0x0000 pktlen=35, qr=0 req_type=1
2020-09-02 10:38:39 [worker 0] get_intf_policy()-1101: ifindex=0
2020-09-02 10:38:39 [worker 0] dns_parse_message()-607
2020-09-02 10:38:39 [worker 0] dns_local_lookup()-2233: vfid=0 qname=www.amsterdam.com, qtype=1, qclass=1, offset=35, map#=3 max_sz=512
2020-09-02 10:38:39 [worker 0] dns_lookup_aa_zone()-496: vfid=0, fqdn=www.amsterdam.com
2020-09-02 10:38:39 [worker 0] dns_forward_request()-1122
2020-09-02 10:38:39 [worker 0] dns_send_resol_request()-977: orig id: 0x0000 local id: 0x8045 domain=www.amsterdam.com
2020-09-02 10:38:39 [worker 0] dns_find_best_server()-522: vfid=0 profiled=0 last server:
2020-09-02 10:38:39 [worker 0] dns_udp_forward_request()-833: vdom=root req_type=1 domain=www.amsterdam.com tls=0
2020-09-02 10:38:39 [worker 0] dns_udp_forward_request()-935: Send 35B to [208.91.112.53]:53 via fd=21 request:1
2020-09-02 10:38:39 [worker 0] unix_receive_request_stub()-2783
2020-09-02 10:38:39 [worker 0] batch_on_read()-2857
2020-09-02 10:38:39 [worker 0] udp_receive_response()-2719
2020-09-02 10:38:39 [worker 0] udp_receive_response()-2742: vd-0: len=113, addr=208.91.112.53:53
2020-09-02 10:38:39 [worker 0] dns_query_handle_response()-2151: id:0x8045 domain=www.amsterdam.com pktlen=113
2020-09-02 10:38:39 [worker 0] dns_query_save_response()-2132: domain=www.amsterdam.com pktlen=113
2020-09-02 10:38:39 [worker 0] dns_cache_response()-250: Response is error (3) will not cache.
2020-09-02 10:38:39 [worker 0] dns_forward_response()-1334
2020-09-02 10:38:39 [worker 0] dns_secure_forward_response()-1293: category=255 profile=none
2020-09-02 10:38:39 [worker 0] dns_send_response()-1273: domain=www.amsterdam.com reslen=113
2020-09-02 10:38:39 [worker 0] __dns_udp_forward_response()-1156
2020-09-02 10:38:39 [worker 0] __dns_udp_forward_response()-1168: vd-0 Send 113B via fd=26, family=1
2020-09-02 10:38:39 [worker 0] dns_query_delete()-427: orgi id:0x0000 local id:0x8045 active
2020-09-02 10:38:39 [worker 0] udp_receive_response()-2719

Another ICMP echo request has been sent to 'www.paris.com'. This time the DNS query was sent to 192.168.0.1, the DNS server obtained dynamically from the ISP connection on the wan1 interface.

**FGT # diagnose sniffer packet any "port 53" 4 0 a**
interfaces=[any]
filters=[port 53]
2020-09-02 17:31:24.867515 wan1 out 192.168.0.230.1367 -> 192.168.0.1.53: udp 43
2020-09-02 17:31:24.884953 wan1 in 192.168.0.1.53 -> 192.168.0.230.1367: udp 276
2 packets received by filter
0 packets dropped by kernel

2020-09-02 10:39:04 [worker 0] batch_on_read()-2857
2020-09-02 10:39:04 [worker 0] unix_receive_request_stub()-2783
2020-09-02 10:39:04 [worker 0] unix_receive_request_stub()-2814: vd-0:0 received a req with 31 bytes (non_block=0 non_cache=0)
2020-09-02 10:39:04 [worker 0] handle_dns_request()-1778: id:0x0000 pktlen=31, qr=0 req_type=1
2020-09-02 10:39:04 [worker 0] get_intf_policy()-1101: ifindex=0
2020-09-02 10:39:04 [worker 0] dns_parse_message()-607
2020-09-02 10:39:04 [worker 0] dns_local_lookup()-2233: vfid=0 qname=www.paris.com, qtype=1, qclass=1, offset=31, map#=3 max_sz=512
2020-09-02 10:39:04 [worker 0] dns_lookup_aa_zone()-496: vfid=0, fqdn=www.paris.com
2020-09-02 10:39:04 [worker 0] dns_forward_request()-1122
2020-09-02 10:39:04 [worker 0] dns_send_resol_request()-977: orig id: 0x0000 local id: 0xa00e domain=www.paris.com
2020-09-02 10:39:04 [worker 0] dns_find_best_server()-522: vfid=0 profiled=0 last server:
2020-09-02 10:39:04 [worker 0] dns_udp_forward_request()-833: vdom=root req_type=1 domain=www.paris.com tls=0
2020-09-02 10:39:04 [worker 0] dns_udp_forward_request()-935: Send 31B to [192.168.0.1]:53 via fd=21 request:1
2020-09-02 10:39:04 [worker 0] unix_receive_request_stub()-2783
2020-09-02 10:39:04 [worker 0] batch_on_read()-2857
2020-09-02 10:39:04 [worker 0] udp_receive_response()-2719
2020-09-02 10:39:04 [worker 0] udp_receive_response()-2742: vd-0: len=79, addr=192.168.0.1:53
2020-09-02 10:39:04 [worker 0] dns_query_handle_response()-2151: id:0xa00e domain=www.paris.com pktlen=79
2020-09-02 10:39:04 [worker 0] dns_query_save_response()-2132: domain=www.paris.com pktlen=79
2020-09-02 10:39:04 [worker 0] dns_set_min_ttl()-183: QR: www.paris.com
2020-09-02 10:39:04 [worker 0] dns_set_min_ttl()-191: Offset of 1st RR: 31 Number of RR's: 3
2020-09-02 10:39:04 [worker 0] dns_set_min_ttl()-201: RR TTL: 300
2020-09-02 10:39:04 [worker 0] dns_set_min_ttl()-201: RR TTL: 300
2020-09-02 10:39:04 [worker 0] dns_set_min_ttl()-201: RR TTL: 300
2020-09-02 10:39:04 [worker 0] dns_cache_response()-286: Min ttl = 300
2020-09-02 10:39:04 [worker 0] dns_forward_response()-1334
2020-09-02 10:39:04 [worker 0] dns_secure_forward_response()-1293: category=255 profile=none
2020-09-02 10:39:04 [worker 0] dns_visibility_log_hostname()-236: vd=0 pktlen=79
2020-09-02 10:39:04 [worker 0] hostname_entry_insert()-141: af=2 domain=www.paris.com
2020-09-02 10:39:04 [worker 0] hostname_entry_insert()-141: af=2 domain=www.paris.com
2020-09-02 10:39:04 [worker 0] hostname_entry_insert()-141: af=2 domain=www.paris.com
2020-09-02 10:39:04 [worker 0] dns_send_response()-1273: domain=www.paris.com reslen=79
2020-09-02 10:39:04 [worker 0] __dns_udp_forward_response()-1156
2020-09-02 10:39:04 [worker 0] __dns_udp_forward_response()-1168: vd-0 Send 79B via fd=26, family=1
2020-09-02 10:39:04 [worker 0] dns_query_delete()-427: orgi id:0x0000 local id:0xa00e active
2020-09-02 10:39:04 [worker 0] udp_receive_response()-2719

To disable debugging on the FortiGate, use the following commands.

**FGT # diag debug disable**
**FGT # diag debug reset**

The following command is very useful for troubleshooting DNS-related issues on the FortiGate.

**FGT # diagnose test application dnsproxy**
worker idx: 0
1. Clear DNS cache
2. Show stats
3. Dump DNS setting
4. Reload FQDN
5. Requery FQDN
6. Dump FQDN
7. Dump DNS cache
8. Dump DNS DB
9. Reload DNS DB
10. Dump secure DNS policy/profile
11. Dump Botnet domain
12. Reload Secure DNS setting
13. Show Hostname cache
14. Clear Hostname cache
15. Show SDNS rating cache
16. Clear SDNS rating cache
17. DNS debug bit mask
18. DNS debug obj mem
99. Restart dnsproxy worker

**Related Links**

https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/117189/system-dns
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/960561/fortigate-dns-server
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/150448/troubleshooting-for-dns-filter
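The dnsproxy debug output in this article can be correlated by script instead of by eye. The following is an added example, not part of the original article or any Fortinet tooling: it pairs each query's local id with the upstream server it was sent to and with the caching outcome, then lists lookups that went to a resolver outside an approved set. The function names and the approved set are assumptions made for illustration.

```python
import re

# Excerpt of the dnsproxy debug output shown in this article (both lookups).
SAMPLE = """\
2020-09-02 10:38:39 [worker 0] dns_send_resol_request()-977: orig id: 0x0000 local id: 0x8045 domain=www.amsterdam.com
2020-09-02 10:38:39 [worker 0] dns_udp_forward_request()-935: Send 35B to [208.91.112.53]:53 via fd=21 request:1
2020-09-02 10:38:39 [worker 0] dns_query_handle_response()-2151: id:0x8045 domain=www.amsterdam.com pktlen=113
2020-09-02 10:38:39 [worker 0] dns_cache_response()-250: Response is error (3) will not cache.
2020-09-02 10:39:04 [worker 0] dns_send_resol_request()-977: orig id: 0x0000 local id: 0xa00e domain=www.paris.com
2020-09-02 10:39:04 [worker 0] dns_udp_forward_request()-935: Send 31B to [192.168.0.1]:53 via fd=21 request:1
2020-09-02 10:39:04 [worker 0] dns_query_handle_response()-2151: id:0xa00e domain=www.paris.com pktlen=79
2020-09-02 10:39:04 [worker 0] dns_cache_response()-286: Min ttl = 300
"""

W = r"\[worker (\d+)\] "
SEND = re.compile(W + r"dns_send_resol_request\(\)-\d+: .*local id: (0x[0-9a-f]+) domain=(\S+)")
FWD = re.compile(W + r"dns_udp_forward_request\(\)-\d+: Send \d+B to \[([^\]]+)\]:\d+")
RESP = re.compile(W + r"dns_query_handle_response\(\)-\d+: id:(0x[0-9a-f]+)")
ERR = re.compile(W + r"dns_cache_response\(\)-\d+: Response is error \((\d+)\)")
TTL = re.compile(W + r"dns_cache_response\(\)-\d+: Min ttl = (\d+)")

def trace_queries(log_text):
    """Return one record per forwarded query: domain, upstream server, outcome."""
    by_id, pending, current, records = {}, {}, {}, []
    for line in log_text.splitlines():
        if m := SEND.search(line):
            rec = {"domain": m[3], "server": None, "error": None, "min_ttl": None}
            by_id[(m[1], m[2])] = pending[m[1]] = rec
            records.append(rec)
        elif m := FWD.search(line):
            # The "Send ... to" line carries no query id, so pair it with the
            # request most recently issued by the same worker.
            if m[1] in pending:
                pending.pop(m[1])["server"] = m[2]
        elif m := RESP.search(line):
            current[m[1]] = by_id.pop((m[1], m[2]), None)
        elif (m := ERR.search(line)) and current.get(m[1]):
            # Assumption: the number is the DNS RCODE (3 would be NXDOMAIN).
            current[m[1]]["error"] = int(m[2])
        elif (m := TTL.search(line)) and current.get(m[1]):
            current[m[1]]["min_ttl"] = int(m[2])
    return records

def unexpected_servers(records, approved):
    """List (domain, server) pairs resolved through a server not in `approved`."""
    return [(r["domain"], r["server"]) for r in records if r["server"] not in approved]

if __name__ == "__main__":
    for r in trace_queries(SAMPLE):
        print(r)
    print(unexpected_servers(trace_queries(SAMPLE), {"208.91.112.53"}))
```

With only the FortiGuard address approved, the www.paris.com lookup is reported because it was answered by the ISP-assigned server 192.168.0.1.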