Created on 01-17-2007 12:00 AM
Description | If you do not change your FortiGate unit default DNS configuration, FortiGate-initiated DNS queries can fail. DNS queries that fail can cause address resolution problems and can also cause the FortiGate unit and FortiGuard AntiSpam to identify legitimate email as spam. |
Components |
|
Steps or Commands | ProblemFortiOS 3.0 on all FortiGate units includes a default DNS configuration. Most users should change this default configuration to avoid DNS lookup failures. The default FortiGate DNS configuration assists with resolving FortiGuard Service addresses and for other DNS requirements during the installation of your FortiGate unit. The default DNS servers are 65.39.139.53 and 65.39.139.63. In all releases of FortiOS 3.0, you can view the default DNS configuration on the FortiGate Web-based manager by going to System> Network> Options. SymptomThere is a common issue when continuing to use default DNS servers. FortiGuard AntiSpam and spam filtering features such as HELO DNS lookup and Return e-mail DNS check use DNS queries. If DNS queries used by these features fail while analyzing an email message, the email fails a reverse DNS check, even when it should pass. As a result, the FortiGate unit identifies the email as spam when it is not spam. Email identified as spam may be tagged or discarded by the FortiGate unit. SolutionChange the FortiGate unit DNS configuration. Go System> Network> Options and enter new primary and secondary DNS server IP addresses. Use the IP addresses of the DNS servers on your local network or the DNS servers recommended by your service provider. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.