Fix Unable to Load FortiGuard DDNS Servers List & Configure DynDNS in Fortigate

In this guide, we will cover two topics about DDNS in Fortigate.

  • How to fix unable to load FortiGuard DDNS servers list
  • How to Configure DynDNS service on Fortigate device if you can’t use Fortiguard DDNS service for some reasons.

Fortigate is famous for its multi-network security functional firewall devices, powerful UTM and user-friendly web interface. They keep upgrading their OS to match the competitors, add new features, fix bugs, and enhance the user experience.

Missing DynDNS option is another change you would notice after upgrading FortiOS 5. x series, like how we changed switch mode to interface mode by CLI. As shown below, only the FortiGuard DDNS is listed for a WAN interface in the latest FortiOS versions.

Only Fortiddns

Fix for Unable to load FortiGuard DDNS servers list

Unable To Load FortiGuard DDNS Servers List Error
  1. First, to get the Fortiguard DDNS support, the DNS settings should be selected to ‘Use Fortiguard Servers’. If you choose the ‘Specify’ option to manually enter the public DNS servers, this option will not be available.
WAN DNS Selection
  1. The device should have an active internet connection to retrieve the servers.

If the above conditions are met, but still the device cannot retrieve DDNS server information from the FortiGuard service, it could be an issue with the anycast or the version of FortiOS.

Solve Anycast Issue

We can disable the anycast protocol and enable UDP for Fortiguard connectivity.

Login to the device via telnet/SSH or web browser CLI and enter the below commands.

config system fortiguard
 set fortiguard-anycast disable
 set protocol udp
 end

Disable Anycast

Also, we can change the dedicated DDNS server manually via CLI. Input the below command.

config system fortiguard
set ddns-server-ip 173.243.138.225
end

After executing the commands successfully, check the FortiGuard DDNS server list. It should pop up correctly.

Working Dyndns

If your device can still not list the server information, it is time to upgrade its firmware.

Upgrade the Firmware

You can do the firmware upgrade from the Fortiguard cloud/manually from the main dashboard or the System settings.

The Fortigate DDNS issue should be solved with the latest firmware reboot.

Methods to Configure DynDNS DDNS on Fortigate FortiOS

The latest FortiOS versions do not allow to change 3rd party DDNS providers in GUI. We need to use the  CLI to configure it.

Follow the steps to configure DynDNS DDNS on the latest Fortigate FortiOS in CLI ( Command Line Interface) mode.

1) Connect to the device by telnet, SSH or GUI terminal and type the following commands one by one.

config system ddns  
edit 1      
set monitor-interface "wan1"        
set ddns-server dyndns.org        
set ddns-domain "hostname"        
set ddns-username "username"        
set ddns-password password

* edit 1 – 1 is the index number of DDNS settings. Start with 1 if it’s the first DDNS settings in the Fortigate box. This index number should be used later to modify anything related to the settings of the WAN port or DDNS settings.

* wan1– is the port you need to configure DDNS, which should be connected to the internet.

* ddns-server – dyndns.org is the server of the DynDNS service provider. For other providers, see more detail below.

* hostname – is the one you have registered at the dynamic DNS provider.

* username –Username of the corresponding hostname at the provider.

* password – Password of the hostname from the provider.

The following DDNS servers can be used to configure Dynamic DNS in FortiOS 5 and later.

dhs.org — supports members.dhs.org and dnsalias.com.
dipdns.net — supports dipdnsserver.dipdns.com.
dyndns.org — supports members.dyndns.org.
dyns.net — supports www.dyns.net.
easydns.com — supports members.easydns.com.
FortiGuardDDNS — supports FortiGuard DDNS service.
genericDDNS — supports DDNS server (RFC 2136) defined in ddns-server-ip.
now.net.cn — supports ip.todayisp.com.
ods.org — supports ods.org.
tzo.com — supports rh.tzo.com.
vavic.com — supports ph001.oray.net.

Once you configured the DynDNS service, as shown above, the WAN port of the device will be monitored and changed accordingly with the name and IP.

Read Also: How to enable ping response in Windows 10

2) Typing,

show system ddns

It will show the DDNS settings of the FortiGate device in CLI, which usually can’t be seen in GUI mode.

3) To edit the existing DDNS entry, use the following commands:

config system ddns  
edit 1

Enter the correct index number (eg 1) to modify.

It is recommended to take a backup of the device configuration, so you can use it in future or while replacing the existing device.

Delete Existing DDNS on Fortigate

We need to know the ID number to delete existing DDNS settings for a specific network port. In this example, it is ID 1.

Execute the below command with the proper ID to delete DDNS settings via CLI.

config system ddns  
delete 1

Dinesh is the founder of Sysprobs and written more than 400 articles. Enthusiast in Microsoft and cloud technologies with more than 15 years of IT experience.

3 thoughts on “Fix Unable to Load FortiGuard DDNS Servers List & Configure DynDNS in Fortigate”

  1. i am trying to setup remove viewing for cctv DVR , i have forwarded the ports, but i needed to use dyndns.org as the ddns server so, i know this is a silly question but do i need to also put the inverted commas(“) at the CLI as mentioned above?

    I started out with putting the inverted commas, then tried to edit it to remove it, but the ‘show system ddns’ says that the inverted commas are still there

    also is there a way to check that username and pw as provided in CLI- is working correctly

    entering the hostname of the dyndns in a website now takes me to the login page of the router.

    Reply

Leave a Comment