What is the Firewalla local domain and search domain?


Comments

10 comments

  • Sukumar Patel

    Glad that you clarified this. I was always confused between the two. Also glad that it's going away in the future

    0
  • James Willhoite

    This says to create a file under /home/pi/.firewalla/config/dnsmasq_local but the code says to echo to a folder.... Which is it?

    echo "local=/lan/127.0.0.2" >> /home/pi/.firewalla/config/dnsmasq_local 

    Or should it be:

    echo "local=/lan/127.0.0.2" >> /home/pi/.firewalla/config/dnsmasq_local/new_file

    Does this allow multiple search domains?

    0
  • Matt Niswonger

    @James - you can create any file in /home/pi/.firewalla/config/dnsmasq_local. You have to add one line per search domain you want to filter.

    Example of /home/pi/.firewalla/config/dnsmasq_local/staylocal

    local=/lan/127.0.0.2
    local=/local/127.0.0.2
    local=/guest/127.0.0.2

    @Firewalla - another related issue is that the Firewalla uses upstream DNS for reverse lookups of local addresses. Any suggestions on how to stop this as well?

    0
  • Alak

    I think that it is important to point out that in order for search and local domain names for devices to be resolved, DNS Booster must be enabled to allow Firewalla to intercept DNS requests and resolve those names.

    An example scenario that can come up is if you decide to use Pi-hole as your DNS server and you turn off DNS Booster because you want Pi-hole to log DNS requests from individual clients on your network. This will break the resolution of <device>.lan names. With DNS Booster enabled, all DNS requests go first to Firewalla and Pi-hole only sees one client, Firewalla. You have to choose between those 2 configurations.

    0
  • Alak

    I just wanted to let people know that adding this Firewalla DNS configuration setting broke my ecobee4 Alexa voice service functionality.

    local=/lan/127.0.0.2

    ecobee4 seems to be making DNS queries to eva.ecobee.com.lan for some reason and they might need to go through to a real DNS server even though the DNS response is NXDOMAIN (invalid domain). Not sure if someone has an explanation about this?

    0
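An added example, not part of any comment above and not Firewalla's code: a small model of how dnsmasq chooses a server from `local=/domain/address` lines (`local` is a synonym for `server`, and a name matches a listed domain only on whole labels), run over the staylocal lines and the eva.ecobee.com.lan name quoted above. The function names and the other query names are constructed for illustration, and what 127.0.0.2 answers on a Firewalla box is not modelled.

```python
"""Model which server dnsmasq picks for a query, given local=/domain/addr lines."""

# Constructed sample: the staylocal file contents quoted in the comments above.
STAYLOCAL = """\
local=/lan/127.0.0.2
local=/local/127.0.0.2
local=/guest/127.0.0.2
"""


def parse_rules(text):
    """Return {domain: address} from local=/server= lines; other lines are skipped."""
    rules = {}
    for raw in text.splitlines():
        key, _, value = raw.strip().partition("=")
        if key.strip() not in ("local", "server") or not value.startswith("/"):
            continue
        # Form is /dom1/dom2/.../addr ; dnsmasq allows several domains per line.
        *domains, addr = value.strip().split("/")[1:]
        for dom in domains:
            if dom:
                rules[dom.lower().strip(".")] = addr
    return rules


def route(qname, rules):
    """Return the address a query name is sent to, or None for the default upstream."""
    labels = qname.lower().rstrip(".").split(".")
    # Try the longest suffix first so the most specific listed domain wins.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return None


def audit(qnames, rules):
    """Split observed query names into (matched_a_rule, sent_to_default_upstream)."""
    kept = [q for q in qnames if route(q, rules) is not None]
    sent = [q for q in qnames if route(q, rules) is None]
    return kept, sent


if __name__ == "__main__":
    rules = parse_rules(STAYLOCAL)
    # Constructed query names; eva.ecobee.com.lan is the one reported above.
    seen = ["eva.ecobee.com.lan", "eva.ecobee.com", "printer.guest.", "nas.LAN", "mylan"]
    kept, sent = audit(seen, rules)
    print("matched a local= rule:", kept)
    print("default upstream:     ", sent)
```
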
  • Matt Niswonger

    @Alak,

    It sounds like you have a DNS problem if your Ecobee is trying to resolve domains with .lan appended as the TLD. I'll have to test this with my Ecobee thermostat, I didn't bother creating dnsmasq entries for search domains after I upgraded to 20.04. You should probably open a ticket with support so they can review.

    0
  • Alak

    @Matt I do have a support ticket open on this but there doesn't seem to be an explanation.

    I would ask that if Firewalla ever implements a feature to block unsupported local search domain requests that there should be a way to disable this either globally or per device to avoid breaking connections with some badly behaving devices like this.

    0
  • StaN

    For local domain requests being forwarded to AdGuard Home, the following Custom Rewrite Rule works:

    ||*.lan^$client=FirewallaIP,dnsrewrite=NXDOMAIN;;

    0
  • J. Christopher Mills

    Seems like "will be fixed in a future release" should read "we might be able to fix this somewhere down the road, and will try, but no guarantees" based on the dates of the comments on the article.

    1
  • Michel Pigassou

    Some browsers may have their own DNS setting. Took me a while to figure out that Android Chrome DNS settings were set on Cloudflare, when everywhere else on my phone it was set to Firewalla's. It's probably worth mentioning in the article.

    0