New to Firewalla and just got my Gold up and running a week or so ago. Loving it so far.
I have an Active Directory domain on my network with Windows domain controllers serving DNS requests for the local domain/clients. As you can imagine, things don't work so well when the clients can't resolve the local domain, so I've had to set the primary DNS on the network to point to one of the internal DNS servers. The secondary DNS is pointing to Cloudflare in case the internal DNS server is down. Under this config the clients are happy and many of the Firewalla features work (ad block, safe search, porn block, and even domain blocking using default mode); however, domain blocking using "domain only mode" does not. I presume some other features may be broken as well but I haven't noticed it yet.
I assume this is because the Firewalla is pushing out the internal DNS server IP to clients via DHCP and so they're able to talk directly to the DNS server on the same network without having to talk to the Gold and hit its DNS cache. The Gold's DNS cache seems to be where all the DNS-based magic happens, so all solutions I've read (mostly Pi-hole threads) revolve around finding ways to make clients hit the Gold first prior to hitting the DNS server in question. However, putting my domain controllers on separate network segments isn't ideal.
One solution would be to push out the Gold's IP as the DNS server for all clients on the network, forcing them to hit the DNS cache before the Gold would then forward the requests out to the configured DNS servers. Obviously clients could manually bypass the DHCP-based DNS settings and configure alternate DNS servers, but as long as those servers are external, the DNS traffic still passes through the Gold so I'm not too concerned about that.
Another solution would be the ability to configure conditional DNS forwarders so that "xyz.local" domain requests are configured to resolve to specific DNS servers.
Are either of these things possible with the Gold or could they be?