On Firewalla Gold/Purple, there are two types of domain name you can set for your network, search domain and local domain, Firewalla will resolve both.
Local domain:
You can view or edit it under Devices -> tap on any Device -> scroll down to find Local Domain -> Domain Name. Local domain is used across local networks, all devices share the same local domain name.
If you change the local domain name on any device, it will change for all devices.
Search domain:
You can view or edit it under Network Manager -> any Local Network -> Search Domain. Different local networks can use different search domain names, they are managed by DHCP service.
If you change the search domain on one local network, it won't affect others.
Difference?
Example: You've set search domain ".lan1" for network 1, ".lan2" for network 2, local domain ".lan" for all devices.
- If device A in network 1 is looking for device B in network 2, device A can use "deviceb.lan" or "deviceb.lan2" to reach device B.
- If device A (in network 1) is looking for device B (also in network 1), device A can use "deviceb.lan", "deviceb.lan1", or just "deviceb" to reach device B without adding the suffix.
Search domain requests forwarded to upstream DNS?
# create a file under /home/pi/.firewalla/config/dnsmasq_local
# replace the lan with your own search domain
# 127.0.0.2 is just an IP that is not reachable, any unreachable IP is fine.
echo "local=/lan/127.0.0.2" >> /home/pi/.firewalla/config/dnsmasq_local
# use stop and start instead of restart to clean up resource correctly
sudo systemctl stop firerouter_dns
sudo systemctl start firerouter_dns
Comments
3 comments
Glad that you clarified this. I was always confused between the two. Also glad that it's going away in the future
This says to create a file under /home/pi/.firewalla/config/dnsmasq_local but the code says to echo to a folder.... Which is it?
Or should it be:
Does this allow multiple search domains?
@James - you can create any file in /home/pi/.firewalla/config/dnsmsaq_local. You have to add one line per search domain you want to filter.
Example of /home/pi/.firewalla/config/dnsmsaq_local/staylocal
@Firewalla - another related issue is that the Firewalla uses upstream DNS for reverse lookups of local addresses. Any suggestions on how to stop this as well?
Please sign in to leave a comment.