[dns-operations] Fortinet contact? Problems with their public resolvers

Casper Gielen C.Gielen at uvt.nl
Wed Jun 13 11:23:44 UTC 2018


On 12-06-18 at 18:12, Klaus Darilion wrote:
> Does somebody have a contact to Fortinet admins? We do see a strange
> problem (affecting Fortinet customers using Fortinet's resolver).
> 
> Their resolvers quite often return SERVFAIL for DNSSEC signed zones, and
> we are quite sure that the zones are signed correctly and the
> authoritative name servers respond correctly (see below).

I think I encountered the same problem this morning.

The main issue is that some queries fail while queries for other records
in the same zone fail. For example, asking for "NS" records would fail
while an "A" record would succeed.

The problem seemed to be related to the type of query and not to the
zone queried; all zones hosted on the server showed the same problem.

My packet sniffer shows that IP packets seem to disappear in both
directions (to and from the DNS servers).

The problems stopped when our network team disabled all processing of
DNS traffic by the FortiDDoS appliance. Unfortunately our Fortinet
expert was not available to drill down into the details.

-- 
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl




