Feature Request: Ability to override WAN DNS
To override DNS, you will have to modify DNS in the LAN segment. See this quick article https://help.firewalla.com/hc/en-us/articles/360046703673
Yes, and that is what I did, but now the clients do not point to the Firewalla for DNS caching. This disables the Firewalla capabilities that rely on controlling DNS, correct? Since now the Firewalla is passing the DNS service through and not providing caching to the clients on the LAN segment.
To clarify: the Firewalla will support Adblock and Family Protect with the DHCP scope on the LAN configured to point to the external Cisco OpenDNS/Umbrella servers, not including the LAN IP of the Firewalla in the client DNS address list, while also not changing the WAN DNS settings. In summary, Firewalla intercepts the DNS requests and makes decisions based on some predefined list? How does that work with DNS over HTTPS? Is the Firewalla issuing a local cert to the LAN clients to be in the SSL data stream? Similar question to Bob above.
DNS over HTTPS and Family Protect will redirect your DNS requests to external DNS servers; they will bypass the ISP's DNS.
Ad Block uses Firewalla's local DNS server, so your DNS requests will go through the Firewalla box and then the ISP.
Firewalla does cache DNS requests; the feature is also called DNS Booster, and it helps speed up connections. It can be turned off per device.
We understand the whole DNS configuration is rather confusing; we will write a detailed article to explain it.
That explanation is helpful and confirms my understanding.
So in order to control DNS and use OpenDNS, my feature request to override the WAN DNS provided via DHCP from my ISP is still a valid request, since it is needed to take advantage of DNS Booster and Ad Block if I also want to leverage Cisco OpenDNS.
Good information on DNS over HTTPS. Who hosts that service? Firewalla? Can the option to use OpenDNS with this feature also be included?
OpenDNS allows the customer to still control the query responses desired by category and provides some nice reporting.
Dennis -
+1 to Dennis' request. This is a common feature on pfSense and prosumer/business firewalls. In my case I prefer Cloudflare's DNS, which I always use on the WAN side of firewalls even with DHCP on. Firewalla already supports DoH for Cloudflare and OpenDNS.
I was recently told by Firewalla support that this is coming soon; I just don't know in which release.