It appears that the Firewalla device itself uses my ISP's DNS servers for DNS resolution instead of DoH or Unbound. I confirmed that dnsmasq is not listening on 127.0.0.1, and when I try to resolve some local hostnames that I've created with custom DNS rules from an SSH session, the hostnames are not resolved. Using nslookup from the Firewalla device itself also confirms the DNS server responding to the query is my ISP's DNS.
I've enabled Unbound and also modified the unbound.conf to use DNS over TLS, and I'd prefer to have all DNS queries, including any resolution the Firewalla device is doing itself, be encrypted and not use my ISP's DNS servers.
It looks like I can edit /etc/dnsmasq.conf to add "listen-address=127.0.0.1", but that file does not exist on FWG in /etc. Is there another dnsmasq.conf that I can edit to do the same thing?