Products Firewalla Gold Firewalla Purple Firewalla Blue Plus Firewalla Red Firewalla Blue

Articles in this section

See more

Difference between Search Domain & Local Domain

Avatar
Support Team
  • Updated
Follow

On Firewalla Gold/Purple, there are two types of domain name you can set for your network, search domain and local domain, Firewalla will resolve both. 

search_domain_vs_local_domain.png

 

Local domain: 

You can view or edit it under Devices -> tap on any Device -> scroll down to find  Local Domain -> Domain Name. Local domain is used across local networks, all devices share the same local domain name.

If you change the local domain name on any device, it will change for all devices. 

 

Search domain: 

You can view or edit it under Network Manager -> any Local Network -> Search Domain. Different local networks can use different search domain names, they are managed by DHCP service.

If you change the search domain on one local network, it won't affect others. 

 

Difference?

Example: You've set search domain ".lan1" for network 1, ".lan2" for network 2, local domain ".lan" for all devices.

  • If device A in network 1 is looking for device B in network 2, device A can use "deviceb.lan" or "deviceb.lan2" to reach device B.
  • If device A (in network 1) is looking for device B (also in network 1), device A can use "deviceb.lan", "deviceb.lan1", or just "deviceb" to reach device B without adding the suffix.
 
 
Note:  The "local domain" concept will be merged into "search domain" in the future. So you only need to manage search domain on the network level. 
 
 

Search domain requests forwarded to upstream DNS?

When a non-existing host with search domain is queried, e.g. invalid.lan, Firewalla DNS will forward the DNS request to upstream DNS server. It should stay local, we are aware of this issue, and it will be fixed in future release. For now, the workaround is to login Firewalla with ssh, create the following file and restart dns service to take effect immediately.
 
# create a file under /home/pi/.firewalla/config/dnsmasq_local
# replace the lan with your own search domain
# 127.0.0.2 is just an IP that is not reachable, any unreachable IP is fine.
echo "local=/lan/127.0.0.2" >> /home/pi/.firewalla/config/dnsmasq_local

# use stop and start instead of restart to clean up resource correctly
sudo systemctl stop firerouter_dns
sudo systemctl start firerouter_dns

 
 

Related articles

Comments

3 comments

Sort by Date Votes
  • Avatar
    Sukumar Patel

    Glad that you clarified this. I was always confused between the two. Also glad that it's going away in the future

    0
    Comment actions Permalink
  • Avatar
    James Willhoite
    • Edited

    This says to create a file under /home/pi/.firewalla/config/dnsmasq_local but the code says to echo to a folder.... Which is it?

    echo "local=/lan/127.0.0.2" >> /home/pi/.firewalla/config/dnsmasq_local 

    Or should it be:

    echo "local=/lan/127.0.0.2" >> /home/pi/.firewalla/config/dnsmasq_local/new_file

    Does this allow multiple search domains?

    0
    Comment actions Permalink
  • Avatar
    Matt Niswonger

    @James - you can create any file in /home/pi/.firewalla/config/dnsmsaq_local.  You have to add one line per search domain you want to filter.

    Example of /home/pi/.firewalla/config/dnsmsaq_local/staylocal

    local=/lan/127.0.0.2
    local=/local/127.0.0.2
    local=/guest/127.0.0.2

    @Firewalla - another related issue is that the Firewalla uses upstream DNS for reverse lookups of local addresses.  Any suggestions on how to stop this as well?

    0
    Comment actions Permalink

Please sign in to leave a comment.