
DoT nextdns with Fortinet FW

hello all,

I am desperately trying to get DoT to work with a Fortinet 60F via NextDNS. It seems that my personal ID does not arrive at NextDNS; it does show that a TLS connection is being established, but the ID is not transmitted, or port 853 is not opened.
Is anyone here familiar with this problem and can maybe give me a tip? The firmware used is v7.0.6.
I tried to enter my endpoint at local domain name (xxxxxx.dns.nextdns.io), also at server name. It just doesn't want to work and apparently I'm the only one with this problem. In the documentation for firmware v7.x.x I also read something about a DNS inspection, where you have to create a firewall policy for port 853. This also did not lead to success. Our IT is also overly questioned.

3 replies

    • mavier
    • 2 yrs ago

    Hopefully someone can help?
    In some logs (firewall and NextDNS protocol) I see that there is a connection to w5aqbdfliqn-MYID.test.nextdns.io. I think that's not right. I can connect with TLS, but NextDNS says that I'm not using the configuration ID.

    • John_P
    • 1 yr ago

    Were you able to get this to work with the FortiGate?  Does clear text DNS work?

    • Terry_Moss
    • 1 yr ago

    I have tried this on a newly reset FortiGate on firmware 7.2.5 and 7.4.0. I cannot get this to work and I am unsure where the problem is. Is there anyone at NextDNS that can assist with this issue?

    When I configure the NextDNS DNS server IPs and my MYID.dns.nextdns.io I can resolve DNS, but no blocking occurs and the setup page tells me I am not using a profile.

    Then I put in this string that I found in the logs, t3h5xuvypp-MYID.test.nextdns.io, and DNS completely breaks. I have to switch back to plain on 53 to get it working again.
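The symptom across this thread is a TLS connection that succeeds while NextDNS still reports "no profile". Over DoT the profile ID reaches NextDNS only as the hostname in the TLS SNI, so a quick way to separate a firewall problem from a profile problem is to send one RFC 7858-framed query from a host behind the FortiGate with that hostname as SNI. This probe is an added example, not code from the thread or from NextDNS; `MYID.dns.nextdns.io` is a placeholder for your own profile hostname and `example.com` is just a constructed query name.

```python
import socket
import ssl
import struct

# Placeholder: replace MYID with your own NextDNS profile ID (not a real ID).
DOT_HOST = "MYID.dns.nextdns.io"
DOT_PORT = 853  # DNS over TLS (RFC 7858)

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a DoT-framed DNS A query: 2-byte length prefix + DNS wire message."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    msg = header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def parse_response(frame: bytes, txid: int = 0x1234) -> dict:
    """Validate the length prefix and transaction id; summarise flags and answer count."""
    (length,) = struct.unpack("!H", frame[:2])
    msg = frame[2:2 + length]
    if len(msg) != length:
        raise ValueError("truncated DoT frame")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    return {"rcode": flags & 0x0F, "answers": an, "is_response": bool(flags & 0x8000)}

def dot_probe(host: str = DOT_HOST, port: int = DOT_PORT, name: str = "example.com") -> dict:
    """Open TLS to the resolver with SNI = host and exchange one query (needs network)."""
    ctx = ssl.create_default_context()  # verifies the resolver certificate against host
    with socket.create_connection((host, port), timeout=5) as raw:
        # server_hostname sets the SNI: this is where the profile ID is carried.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_query(name))
            prefix = tls.recv(2)
            (length,) = struct.unpack("!H", prefix)
            body = b""
            while len(body) < length:
                chunk = tls.recv(length - len(body))
                if not chunk:
                    raise ConnectionError("resolver closed the connection mid-frame")
                body += chunk
            return parse_response(prefix + body)

if __name__ == "__main__":
    print(dot_probe())
```

If the probe answers from a LAN host but the FortiGate's own DoT queries are still reported as profile-less, the issue is on the firewall's DNS configuration rather than on port 853 reachability; if the probe times out, a policy is blocking 853.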
