Feature Request: Ability to override WAN DNS

Comments

  • Firewalla

    To override DNS, you will have to modify DNS in the LAN segment. See this quick article: https://help.firewalla.com/hc/en-us/articles/360046703673

  • Dennis Byford

    Yes, and that is what I did, but now the clients do not point to the Firewalla for DNS cache. This disabled the Firewalla capabilities that rely on controlling DNS, correct? Since now the Firewalla is passing the DNS service through and not providing caching to the clients on the LAN segment.

  • Firewalla

    Unless you are forwarding to a local device running as DNS server on your LAN, you should not run into any issues. 

  • Bob O'Hara

    If I am using DNS over HTTPS, that will bypass the ISP’s DNS. Correct? Are those DNS requests cached in the Gold?

  • Dennis Byford

    To clarify, the Firewalla will support Adblock and Family Protect with the configuration of the DHCP scope on the LAN pointing to the external Cisco OpenDNS/Umbrella servers, not including the LAN IP of the Firewalla in the Client DNS address list, while also not changing the WAN DNS settings. In summary, Firewalla intercepts the DNS requests and makes decisions based on some predefined list? How does that work with DNS over HTTPS? Is the Firewalla issuing a local cert to the LAN clients to be in the SSL data stream? Similar question to Bob above.

  • Support Team

    DNS over HTTPS and Family Protect will redirect your DNS request to external DNS servers; it will bypass the ISP's DNS.

    Ad block uses Firewalla's Local DNS server, so your DNS request will go through the Firewalla box, then the ISP.

    Firewalla does cache DNS requests; the feature is also called DNS Booster, to help speed up connections. It can be turned off per device.

    We understand the whole DNS configuration is rather confusing; we will write a detailed article to explain it.

  • Dennis Byford

    That explanation is helpful and confirms my understanding. 

    So in order to control DNS and use OpenDNS, my feature request to override the WAN DNS provided via DHCP from my ISP is still a valid request, since it is needed to take advantage of DNS Boost and Ad Block if I want to also leverage Cisco OpenDNS.

    Good information on DNS over HTTPS - Who hosts that service? Firewalla? Can the option to use OpenDNS with this feature also be included?

    OpenDNS allows the customer to still control the query responses desired by category and provides some nice reporting.

    Thanks,

    Dennis

  • RDubbs

    +1 to Dennis' request. This is a common feature on pfSense and prosumer/biz firewalls. In my case I prefer Cloudflare's DNS, which I always use on the WAN side of firewalls even with DHCP on. Firewalla already supports DoH for Cloudflare & OpenDNS.

    I was recently told by Firewalla support this is coming soon, just don't know what release.

  • Firewalla

    You can now edit WAN DNS on the 1.43 release. It is in beta now. Please look for a posting here and also on Facebook/Reddit next week.

  • RDubbs

    Works great, and many thanks for completing this.
