DNS lookup failure(s)-fortinet-FortiOS

Vendor: fortinet

OS: FortiOS

Description:
Indeni alerts when DNS resolution is not working on the device.

Remediation Steps:
Determine why DNS resolution is failing on the device.

1. Log in via HTTPS to the Fortinet firewall and go to Network > DNS to review the DNS configuration.
2. Log in via SSH to the Fortinet firewall and review the system DNS configuration (show system dns).
3. Verify the configured DNS server IPs and the routing towards them. Ensure that no firewall or router on the path blocks or proxies UDP port 53 (and TCP port 53, which is used for large responses).
4. To verify that the device can resolve names, enter the following command in the CLI: "execute traceroute <server_fqdn>", where <server_fqdn> is a domain name such as www.example.com. If the DNS query fails, an error message such as "traceroute: unknown host www.example.com" is returned.
5. Log in via SSH to the Fortinet firewall and troubleshoot the resolver with "diag test application dnsproxy <X>", where <X> is one of: 1. Clear dns cache, 2. Show stats, 3. Dump DNS setting, 4. Reload FQDN, 5. Requery FQDN, 6. Dump FQDN. Note that clearing the cache (option 1) is the only way to be sure a subsequent test is not answered from the local cache.
6. For more information, review the following link: https://docs.fortinet.com/uploaded/files/2924/troubleshooting-54.pdf

How does this work?
This script logs into the Fortinet firewall through SSH and attempts to ping www.indeni.com. Before it can actually ping, the firewall must use DNS to resolve www.indeni.com into an IP address. This script ONLY tests whether or not the DNS resolution succeeded. It does not test whether or not the actual ping was successful, so a resolved name with 100% packet loss still counts as a pass. Note that the DNS resolution may be answered from the local device DNS cache, in which case a successful resolution does not necessarily mean that the device DNS configuration is "correct".

Why is this important?
Some services on a Fortinet firewall require functioning DNS resolution.

Without Indeni how would you find this?
An administrator would need to write a script that polls their firewalls for the data (forcing a resolution of a hostname), or simply troubleshoot once an issue occurs.

fortios-exec-ping-www-indeni-com

name: fortios-exec-ping-www-indeni-com
description: check to see if DNS resolution is working
type: monitoring
monitoring_interval: 30 minutes
requires:
    vendor: fortinet
    os.name: FortiOS
    product: firewall
comments:
    dns-server-state:
        why: |
            Some services on a Fortinet firewall require functioning DNS resolution.
        how: |
            This script logs into the Fortinet firewall through SSH and attempts to ping www.indeni.com. Before it can actually ping, the firewall must use DNS to resolve www.indeni.com into an IP address. This script ONLY tests whether or not the DNS resolution succeeded. It does not test whether or not the actual ping was successful. Note that the DNS resolution may be answered from the local device DNS cache, in which case a successful resolution does not necessarily mean that the device DNS configuration is "correct".
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: exec ping www.indeni.com
    parse:
        type: AWK
        file: exec_ping_www_indeni_com.parser.1.awk
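The AWK parser referenced in the step above is not reproduced on this page. The following is an added example, written for this page and not Indeni's own parser, of the classification the "How does this work?" section describes: it reads the output of the device's "exec ping" command and reports only whether name resolution succeeded, ignoring whether any ICMP replies came back. The sample outputs are constructed; the "PING <name> (<ip>)" banner and the "Unable to resolve hostname." error are assumed to match what FortiOS prints, and the function names dns_state and resolved_ip are this example's own.

```shell
#!/bin/sh
# Added example (not Indeni's parser): classify FortiOS "execute ping <fqdn>"
# output by whether name resolution succeeded, independent of packet loss.
# Assumption: the banner and error strings below match the device's output.

# Constructed sample: resolution and ping both succeed.
SAMPLE_OK='PING www.example.com (93.184.216.34): 56 data bytes
64 bytes from 93.184.216.34: icmp_seq=0 ttl=56 time=11.2 ms
64 bytes from 93.184.216.34: icmp_seq=1 ttl=56 time=11.0 ms

--- www.example.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 11.0/11.1/11.2 ms'

# Constructed sample: DNS resolved but ICMP is blocked upstream.
# The check treats this as a DNS pass, exactly as the page describes.
SAMPLE_RESOLVED_NO_REPLY='PING www.example.com (93.184.216.34): 56 data bytes
Timeout
Timeout

--- www.example.com ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss'

# Constructed sample: resolution fails (assumed FortiOS error string).
SAMPLE_DNS_FAIL='Unable to resolve hostname.'

# dns_state: read ping output on stdin and print
#   1        name resolution succeeded (ping replies are irrelevant)
#   0        the resolver returned no address
#   unknown  neither pattern seen (truncated capture, CLI error, etc.)
# Printing "unknown" rather than 0 avoids raising a DNS alert on a bad capture.
dns_state() {
    awk '
        # The "PING <name> (<ip>)" banner is only printed once an address exists.
        /^PING [^ ]+ \([0-9A-Fa-f.:]+\)/ { resolved = 1 }
        /Unable to resolve hostname/     { failed = 1 }
        END {
            if (resolved)    print 1
            else if (failed) print 0
            else             print "unknown"
        }'
}

# resolved_ip: print the address the device resolved the name to, if any.
# Useful for spotting a cache or hijack answer that differs from the expected one.
resolved_ip() {
    awk '/^PING [^ ]+ \(/ { ip = $3; gsub(/[():]/, "", ip); print ip; exit }'
}

# Usage: printf '%s\n' "$SAMPLE_OK" | dns_state
```

Because the device answers from its local cache when it can, run "diag test application dnsproxy 1" before a manual test if you need to prove the configured servers (rather than a cached record) produced the answer.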

CrossVendorDnsFailure

Rule source: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/CrossVendorDnsFailure.scala