There are two possibilities:
1. Firewalla has a DNS cache build in, and if you turn on features like Family mode, adblocking, your DNS queries may appear all from Firewalla. It is simply doing on behalf of your clients.
2. When Firewalla blocks categories, it will need to resolve domain names to the corresponding IP addresses. For example, if you want to block gambling sites, say a-gambling-site.com; Firewalla will query DNS for the IP address(es) of a-gambling-site.com and then insert the IP in the data path for the final block. (this block is very strong). In certain cases, Firewalla may also cache a shortlist of popular sites per category and once a block is turned on them, Firewalla will do a pre-block of sites, this will result in queries to DNS servers as well.
Please sign in to leave a comment.