FCL DNS issues after SSLVPN had been connected

The FortiEMS internal DNS servers are configured on all Ethernet adapters while the SSLVPN is online.

  • JFI: FortiGate distributes the DNS servers configured in the SSLVPN settings or the portal.

You can change this behavior: select the VPN profile, click Advanced, and then disable "Prefer SSL VPN DNS".

Below you will find further information.

If you are also experiencing DNS cache issues, you may also check the DNS Cache Service Control.


The screenshot is from FortiEMS Server 6.4.8, but this also applies to version 7.0.x and maybe above.

Windows Client DNS cache troubleshooting tips

Check the current DNS servers for your adapters with ipconfig /all

Check the Windows Client DNS cache with ipconfig /displaydns

You may verify the currently resolved IP address for a domain with a ping.

ping

PS C:\Users> ping www.c3it.net

Ping wird ausgeführt für www.c3it.net [81.19.159.38] mit 32 Bytes Daten:

Antwort von 81.19.159.38: Bytes=32 Zeit=29ms TTL=53

check DNS cache

PS C:\Users> Get-DnsClientCache -Name www.c3it.net

Entry                     RecordName                Record Status    Section TimeTo Data   Data
                                                    Type                     Live   Length
-----                     ----------                ------ ------    ------- ------ ------ ----
www.c3it.net              www.c3it.net              A      Success   Answer    2269      4 81.19.159.38

nslookup against your DNS server (note: this might not return the same result as a simple ping)

PS C:\Users> nslookup www.c3it.net

Server:  UnKnown

Address:  fda1:3fb1:0:10f::1

Nicht autorisierende Antwort:

Name:    www.c3it.net

Address:  81.19.159.38

Wireshark (usually it would be overkill to troubleshoot a simple DNS request)
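
The checks above can be run in one pass. This is an added example, not part of the original post: it lists the DNS servers on every adapter that is up, queries each one directly, and compares the answers with the resolver cache entry, which shows where a ping and an nslookup can disagree while the SSLVPN is connected. `$Name` is an assumed parameter; its default is the sample host from the output above.

```powershell
# Added example, not from the original post. $Name is an assumed parameter;
# the default is the sample host used in the output above.
param([string]$Name = 'www.c3it.net')

# 1. DNS servers per connected adapter (what "ipconfig /all" shows).
$servers = foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    foreach ($cfg in (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex)) {
        foreach ($ip in $cfg.ServerAddresses) {
            [pscustomobject]@{ Adapter = $nic.Name; Server = $ip }
        }
    }
}

# 2. A records currently held in the Windows resolver cache (Type 1 = A).
$cached = @(Get-DnsClientCache -Name $Name -ErrorAction SilentlyContinue |
    Where-Object Type -eq 1 | ForEach-Object Data | Sort-Object -Unique) -join ','
if (-not $cached) { $cached = '(not cached)' }

# 3. Ask every configured server directly (DNS only, like nslookup does)
#    and compare its answer with the cached one.
$report = foreach ($s in $servers) {
    try {
        $records = Resolve-DnsName -Name $Name -Type A -Server $s.Server -DnsOnly -ErrorAction Stop
        $answer = @($records | Where-Object { $_.IPAddress } |
            ForEach-Object IPAddress | Sort-Object -Unique) -join ','
        if (-not $answer) { $answer = '(no A record)' }
    } catch {
        # Unreachable or non-answering servers end up here instead of aborting.
        $answer = "(failed: $($_.Exception.Message))"
    }
    [pscustomobject]@{
        Adapter      = $s.Adapter
        Server       = $s.Server
        Answer       = $answer
        Cached       = $cached
        DiffersCache = ($cached -ne '(not cached)') -and ($answer -ne $cached)
    }
}

$report | Format-Table -AutoSize
# A stale entry can be dropped with Clear-DnsClientCache (same as ipconfig /flushdns).
```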