[outages] Fortinet DNS outage

Mel Beckman mel at beckman.org
Wed Sep 13 11:04:54 EDT 2023


We are also seeing high Sonicwall IPsec VPN false connection attempts since yesterday afternoon. The attempts are originating from Apple and Google IP space, so we simply blocked those entire /8s for IPsec, as we normally don’t get VPN traffic from those organizations. This could be a DDoS attack.

 -mel

 -mel beckman

On Sep 13, 2023, at 7:34 AM, Keith Stokes via Outages <outages at outages.org> wrote:


My Fortinet units are reporting slow response time on and off.

________________________________
From: Outages <outages-bounces at outages.org> on behalf of Dovid Bender via Outages <outages at outages.org>
Sent: Wednesday, September 13, 2023 9:17 AM
To: Cas de Reuver <cas at reuver.co>
Cc: outages at outages.org <outages at outages.org>
Subject: Re: [outages] Fortinet DNS outage

Seems to be up now

dovid at dovid-desktop:~$ dig +trace fortiguard.com<http://fortiguard.com>

; <<>> DiG 9.16.1-Ubuntu <<>> +trace fortiguard.com<http://fortiguard.com>
;; global options: +cmd
. 513568 IN NS a.root-servers.net<http://a.root-servers.net>.
. 513568 IN NS b.root-servers.net<http://b.root-servers.net>.
. 513568 IN NS c.root-servers.net<http://c.root-servers.net>.
. 513568 IN NS d.root-servers.net<http://d.root-servers.net>.
. 513568 IN NS e.root-servers.net<http://e.root-servers.net>.
. 513568 IN NS f.root-servers.net<http://f.root-servers.net>.
. 513568 IN NS g.root-servers.net<http://g.root-servers.net>.
. 513568 IN NS h.root-servers.net<http://h.root-servers.net>.
. 513568 IN NS i.root-servers.net<http://i.root-servers.net>.
. 513568 IN NS j.root-servers.net<http://j.root-servers.net>.
. 513568 IN NS k.root-servers.net<http://k.root-servers.net>.
. 513568 IN NS l.root-servers.net<http://l.root-servers.net>.
. 513568 IN NS m.root-servers.net<http://m.root-servers.net>.
;; Received 262 bytes from 127.0.0.53#53(127.0.0.53) in 44 ms

com. 172800 IN NS j.gtld-servers.net<http://j.gtld-servers.net>.
com. 172800 IN NS h.gtld-servers.net<http://h.gtld-servers.net>.
com. 172800 IN NS c.gtld-servers.net<http://c.gtld-servers.net>.
com. 172800 IN NS l.gtld-servers.net<http://l.gtld-servers.net>.
com. 172800 IN NS b.gtld-servers.net<http://b.gtld-servers.net>.
com. 172800 IN NS e.gtld-servers.net<http://e.gtld-servers.net>.
com. 172800 IN NS k.gtld-servers.net<http://k.gtld-servers.net>.
com. 172800 IN NS f.gtld-servers.net<http://f.gtld-servers.net>.
com. 172800 IN NS d.gtld-servers.net<http://d.gtld-servers.net>.
com. 172800 IN NS i.gtld-servers.net<http://i.gtld-servers.net>.
com. 172800 IN NS g.gtld-servers.net<http://g.gtld-servers.net>.
com. 172800 IN NS a.gtld-servers.net<http://a.gtld-servers.net>.
com. 172800 IN NS m.gtld-servers.net<http://m.gtld-servers.net>.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com. 86400 IN RRSIG DS 8 1 86400 20230926050000 20230913040000 11019 . scu9Z9t8Z0Fcv+X00R6Fl1S9Oo5Md5PzQ3TRWFNfbm7jCgfzUFwgy/qd VAsuWaOuC1qQEVrqmaxDG0NQ9b6rs/8gsrS4Xcf/irMceRIHkRV2NKUw y4IuveeAT0LBlfV89ORpyjc33mO9BOBYlJrm9wWP+takgkp4tQjD9XwV BjJoOsZIOX18vcVWTKDNu9eTu8SMxN4eLikw6J3kjwJ1h31PQ9T+LsBF RHGLaz1SxWa9WGnsuiVdupnwkI5J1MZDbCEk2gwkcZeDggFKzal6uZgD 9EO2Is2kT7Dq9ALMa2D7YFlcV+C9YjnDCw3PCX0hKrat2aA/aImUUpUB AAZZQg==
;; Received 1202 bytes from 192.36.148.17#53(i.root-servers.net<http://i.root-servers.net>) in 32 ms

fortiguard.com<http://fortiguard.com>. 172800 IN NS ns1.fortinet.com<http://ns1.fortinet.com>.
fortiguard.com<http://fortiguard.com>. 172800 IN NS ns2.fortinet.com<http://ns2.fortinet.com>.
fortiguard.com<http://fortiguard.com>. 172800 IN NS ns3.fortinet.com<http://ns3.fortinet.com>.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20230919042437 20230912031437 4459 com. BhTAKUlNk4eQ9008o8XKhQbVhIbR7qbu1IZVm5kKa5zuVwIdBQJZyUSw 9reTyAShz02qyCgrLK9CZqwCoXo7rMDgiGlSvC/ltG/b6ttExqDu3rza QLotrWv0Lh7OMbsFV8BYwEIJPOrfYMAwhNxxAvQOFRfrnusmHvgiEALQ qGmAebDL9w7c9e0der8WL96zTkxZbYyUpEu788zw04l1/Q==
GOBGJFQ2D7HRVAGHKH7F0275H2B9N3R9.com. 86400 IN NSEC3 1 1 0 - GOBGTU4O5DC02OIEF22F57IRHP0AGSBV NS DS RRSIG
GOBGJFQ2D7HRVAGHKH7F0275H2B9N3R9.com. 86400 IN RRSIG NSEC3 8 2 86400 20230917060131 20230910045131 4459 com. V1O2GE/Oivo+FQU/qUwQjYHHeAwj2JeFRL3/Rr/qAsLcNgJ5II1bCxaO PFKtW+e4+ty27ZwiB9iQ/Jg8hz2Szf9H1htAgdXE+0HdyCDTot/R0KHn sfeoQsfgUbYfF/2ghlSSJmphHScYA/yKQ41JA8qyKV3KKd14LTJtoKLH dSODM1Io3y1fupvAleWVaqxwxjdu32o9lDmuBZicVf1xLA==
;; Received 703 bytes from 192.43.172.30#53(i.gtld-servers.net<http://i.gtld-servers.net>) in 60 ms

fortiguard.com<http://fortiguard.com>. 86400 IN A 208.91.114.109
fortiguard.com<http://fortiguard.com>. 86400 IN NS ns1.fortinet.com<http://ns1.fortinet.com>.
fortiguard.com<http://fortiguard.com>. 86400 IN NS ns3.fortinet.com<http://ns3.fortinet.com>.
fortiguard.com<http://fortiguard.com>. 86400 IN NS ns2.fortinet.com<http://ns2.fortinet.com>.
;; Received 153 bytes from 208.91.113.63#53(ns3.fortinet.com<http://ns3.fortinet.com>) in 92 ms

dovid at dovid-desktop:~$

On Wed, Sep 13, 2023 at 10:10 AM Cas de Reuver via Outages <outages at outages.org<mailto:outages at outages.org>> wrote:
FYI: Fortinet DNS servers are down, fortiguard.com<http://fortiguard.com> itself is unreachable as well.

If you do DNS filtering, it might be a good idea to enable "Allow DNS requests when a rating error occurs" so outages like these don't affect you.

--
Cas de Reuver
http://reuver.co
_______________________________________________
Outages mailing list
Outages at outages.org<mailto:Outages at outages.org>
https://puck.nether.net/mailman/listinfo/outages
_______________________________________________
Outages mailing list
Outages at outages.org
https://puck.nether.net/mailman/listinfo/outages
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20230913/d3273766/attachment.htm>


More information about the Outages mailing list