Improve Your DNS Security With Firewalla
DNS, the Domain Name System, translates domain names to one or more IP addresses. However, DNS can be both a security and a privacy issue: not all DNS servers are trustworthy, traditional DNS queries are sent in plain text, and ISPs or DNS servers may track your online activity.
Firewalla offers a range of DNS features to help you protect your privacy, secure your data, and filter content. These features include:
Local DNS Filtering, where your DNS queries are evaluated locally on your Firewalla box and have not left your network yet:
- Blocking Rules & Ad Block
- Family Protect (Native Mode)
- Safe Search
- Custom DNS Rules
You can then manage how your DNS queries are handled via DNS Services:
- Family Protect (3rd-Party Mode)
- Traditional DNS
Blocking Rules & Ad Block
With Firewalla's Rules, you can block domains, IP addresses, the Internet, and more nearly instantly. Similarly, Firewalla's Ad Block feature limits what your devices can access, but it blocks portions of a web page or app rather than blocking things entirely. Nevertheless, Firewalla still monitors every DNS query. Read our article on Managing Rules or our article on Ad Block to learn more.
Family Protect Native Mode
Family Protect Native Mode helps you filter unwanted content from the Internet. Unlike Family Protect 3rd-Party Mode, Native Mode blocks content locally, meaning it doesn't rely on an external service. Native Mode can block porn, gambling, VPN sites, and more, and it won't conflict with other DNS services. Read our article on Family Protect to learn more.
Safe Search
Safe Search is a bit different from other DNS features because rather than blocking things outright, it conveys to search engines that results should be limited, usually for children. See our article on Safe Search for more information about this feature.
Custom DNS Rules
Custom DNS rules are local entries for names that no DNS provider could answer, because they refer to devices on your own network or, in some cases, to different ways of calling devices external to your network. You can use them to give multiple names to the same NAS server or as a way to point to virtual IP addresses. Think of this as a local address book.
On your box's main screen, tap DNS Service, then tap Custom DNS Rules. Finally, tap Add Custom DNS Rule and enter the domain and an IP address you want it to be resolved to. Watch a video tutorial or see Custom DNS Entry Rules for more information.
Firewalla supports several DNS protocol services that let you configure how Firewalla handles your DNS requests:
- Unbound: a DNS resolver that prevents any one server from having all your records
- Unbound Over VPN sends requests over VPN instead of through your ISP
- DNS over HTTPS (DoH): a DNS resolution protocol that encrypts your DNS requests
- Family Protect 3rd-Party Mode: a feature that blocks violent and adult content by forwarding requests to a trusted provider that filters queries
- Traditional DNS: if none of Firewalla's DNS services are enabled, Firewalla will automatically use the DNS servers configured in the LAN (or WAN) DNS setting.
You can use any of these DNS protocols simultaneously on different devices. However, you can't use different protocols simultaneously on one device. For example, if you configure DoH for a network but configure Unbound for a device on that network, the device would use Unbound while any other devices on the network would use DoH.
How To Choose Your DNS Strategy
- If you have NO concerns, just use traditional DNS from your ISP or configure some public DNS for your LAN networks.
- If you only trust your root and authoritative DNS servers, choose Unbound.
- If you trust your DNS service provider but don't trust your ISP, choose DoH.
- If you do not want any DNS queries getting changed, use Unbound.
- If you want to hide your DNS requests from your ISP, use Unbound Over VPN.
VPN Client & DNS Over VPN
Firewalla's VPN Client allows you to send traffic over a third-party VPN. In addition, you can choose to force DNS requests over your VPN as well.
- If Force DNS over VPN is ON, DNS requests will be forwarded to the VPN server. Other DNS Services (Unbound, DoH, Family Protect 3rd-Party Mode) will not work.
- If Force DNS over VPN is OFF, DNS requests will work as if there were no VPN connection, but traffic to the requested destinations will go over VPN. This means all your DNS traffic will be intercepted and protected by Firewalla DNS services.
This is part of our Firewalla Weekly Newsletter. You can sign up here https://firewalla.com/weekly.