Note: In the Firewalla 1.52 app release, you can now add Custom DNS Entry Rules via the Firewalla app instead of through the method established in this guide. Watch a video tutorial or read more about this feature in our 1.52 App Release Notes.
Before you get started with this guide:
- This is for Firewalla Gold/Purple series only.
- This is for Router mode only.
- This is a technical doc for Pros.
- This is not officially supported and is not guaranteed to work long term.
1. Create any file under ~/.firewalla/config/dnsmasq_local/
Example:
$ cat ~/.firewalla/config/dnsmasq_local/example
address=/example.com/1.2.3.4
Note: the configuration is applied globally. If another upstream DNS server is configured for the same domain and you want this entry to take precedence, use server-high instead of server:
# Normal Priority
server=/dns-to-resolve.com/1.1.1.1
# High Priority
server-high=/dns-to-resolve.com/1.1.1.1
Likewise, you can alias a CNAME this way:
cname=alias1,alias2,alias3,target.example.com
One or more aliases can point to a single target domain.
2. Restart Firewalla DNS Service
sudo systemctl stop firerouter_dns
sudo systemctl start firerouter_dns
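Because firerouter_dns is restarted with whatever is in the file, it helps to check the entries before restarting. The following is an added example (not Firewalla's own code) that parses a dnsmasq_local file with the four entry types from this guide, applies the server-high-over-server precedence, and reports malformed lines; the sample file contents are constructed for the example.

```python
import ipaddress
import re

# Constructed sample in the dnsmasq_local format from this guide (not from a real box).
SAMPLE = """\
address=/example.com/1.2.3.4
address=/nas.example.com/10.0.0.5
address=/media/10.0.0.6
server=/dns-to-resolve.com/1.1.1.1
server-high=/dns-to-resolve.com/9.9.9.9
cname=media,photos,nas.example.com
address=/broken.example.com/300.1.1.1
bogus line
"""
ENTRY_RE = re.compile(r"^(address|server|server-high)=/([^/\s]+)/([^/\s]+)$")


def parse_dnsmasq_local(text):
    """Return (address, server, cname, errors); server-high wins over server per domain."""
    tables = {"address": {}, "server": {}, "server-high": {}}
    cname, errors = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored by dnsmasq
        if line.startswith("cname="):
            parts = [p.strip() for p in line[len("cname="):].split(",")]
            if len(parts) < 2 or not all(parts):
                errors.append(f"line {n}: cname needs at least one alias and a target")
                continue
            *aliases, target = parts  # last field is the target, the rest are aliases
            cname.update({a: target for a in aliases})
            continue
        m = ENTRY_RE.match(line)
        if not m:
            errors.append(f"line {n}: unrecognised entry {raw!r}")
            continue
        key, domain, ip = m.groups()
        try:
            ipaddress.ip_address(ip)  # accepts IPv4 and IPv6 literals
        except ValueError:
            errors.append(f"line {n}: invalid IP address {ip!r}")
            continue
        tables[key][domain] = ip
    # A name cannot be both a CNAME alias and carry its own address record.
    for alias in cname:
        if alias in tables["address"]:
            errors.append(f"cname alias {alias!r} also has an address= entry")
    server = {**tables["server"], **tables["server-high"]}  # high priority overrides
    return tables["address"], server, cname, errors
```

Run it against the file before the restart in step 2 and fix anything listed in the returned errors.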
Reference:
https://wiki.archlinux.org/index.php/dnsmasq#Override_addresses
This is exactly what I needed to make my Nginx Proxy Manager configuration work. I need to map the external subdomains internally as aliases to existing devices (I'm not going to assign the external domain as the search/local domain).
My only comment is that, be aware that you can repeat the line without having to modify the 'address' key. This is not clear, since the example has a single line. For example:
Be aware that you forward all hosts to a single host (NPM) and then it will take care of forwarding to the right host. This explains the repeated IP address above.
Right now I'm running NPM outside of my Firewalla (one change at a time). But this is an essential service and I plan to move it as a docker instance later.
Can someone help me with a suggestion?
I need DNS queries from a particular device on my LAN (known MAC and IP address) to be redirected to a specific DNS server.
How do I do this?
I know it's probably a longshot, but is there any way to make this work on all vlans/networks on my FWG without allowing it on a specific guest network/Vlan?
I mean technically Guest is off segmented on its own, but you can still do name or reverse lookups on that network and recon internal DNS if you're doing forwarding like the example.
Do you mean guest network people can do a random test for devices on the LAN side by guessing the domain name?
I guess ultimately what I am trying to achieve is to prevent guest or isolated work networks from resolving dns of private internal clients or devices. Is there a way to achieve this without assigning those networks external dns servers?