Template:Networking rutos manual dns: Difference between revisions

From Teltonika Networks Wiki
No edit summary
 
(11 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Template: Networking_rutos_manual_fw_disclosure
{{Template: Networking_device_manual_fw_disclosure
| fw_version = {{{series}}}_R_00.02.06.1
| series = {{{series}}}
| series     = {{{series}}}
| name  = {{{name}}}
| fw_version ={{Template: Networking_device_manual_latest_fw
| series = {{{series}}}
| name  = {{{name}}}
}}
}}
}}


__TOC__
==Summary==
==Summary==


Line 18: Line 23:
The <b>General Settings</b> section is used to set up the main DNS parameters. Refer to the table below for information on each configuration field.
The <b>General Settings</b> section is used to set up the main DNS parameters. Refer to the table below for information on each configuration field.


[[File:Networking_rutos_manual_dns_general_settings.png|border|class=tlt-border]]
[[File:Networking_rutos_manual_dns_general_settings_v3.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 27: Line 32:
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Domain required</td>
         <td>Inherited DNS servers</td>
         <td>off | on; default: <b>on</b></td>
         <td>Inherited server list</td>
         <td>When enabled, stops forwarding queries for plain names, without dots or domain parts, to upstream nameservers. If the name is not known from <i>/etc/hosts</i> or DHCP then a "not found" answer is returned.</td>
         <td>DNS Servers that were inherited from WAN interfaces.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Local server</td>
         <td>DNS servers</td>
         <td>string; default: <b>/lan/</b></td>
         <td>IP address (ip); default: <b>none</b></td>
         <td>Local domain specification. Names matching this domain are never forwarded and are resolved from DHCP or hosts files (<i>/etc/hosts</i>) only.</td>
         <td>List of DNS servers to forward requests to. See the dnsmasq -S option man page for syntax details. Specify servers to complement inherited ones.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Local domain</td>
         <td>Static addresses</td>
         <td>domain name; default: <b>lan</b></td>
         <td>Hostname (domain name) {{!}} IP address (ip); default: <b>none</b></td>
         <td>Local domain suffix appended to DHCP names and hosts file entries.</td>
         <td>List of IP addresses for queried domains. See the dnsmasq -A option man page for syntax details.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Log queries</td>
         <td>Rebind protection</td>
         <td>off | on; default: <b>off</b></td>
         <td>off {{!}} on; default: <b>on</b></td>
         <td>When enabled, write received DNS requests to syslog.</td>
         <td>Discards upstream RFC1918 responses. When enabled, the device will not resolve domain names for internal hosts.</td>
     </tr>
     </tr>
</table>
===Advanced Settings===
The <b>Advanced Settings</b> section is used to set up some of the more specific DNS parameters. Refer to the table below for information on each configuration field.
[[File:Networking_rutos_manual_dns_advanced_settings_v3.png|border|class=tlt-border]]
<table class="nd-mantable">
     <tr>
     <tr>
         <td>DNS forwardings</td>
         <th>Field</th>
         <td>string; default: <b>none</b></td>
         <th>Value</th>
         <td>List of DNS servers to forward requests to.</td>
         <th>Description</th>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Rebind protection</td>
         <td>Custom redirect</td>
         <td>off | on; default: <b>on</b></td>
         <td>Hostname (domain name) {{!}} IP address (ip); default: <b>none</b></td>
         <td>Discards upstream RFC1918 responses. When enabled, the device will not resolve domain names for internal hosts.</td>
         <td>Specify server for a domain. This is intended for private nameservers.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Allow localhost</td>
         <td>Listen Interfaces</td>
         <td>off | on; default: <b>on</b></td>
         <td>network interface(s); default: <b>none</b></td>
         <td>Allow upstream responses in the 127.0.0.0/8 range. For example, for RBL services.</td>
         <td>Limit DHCP and DNS requests listening to these interfaces, and loopback. Leave empty to listen on all interfaces.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Domain whitelist</td>
         <td>Exclude Interfaces</td>
         <td>domain name(s); default: <b>none</b></td>
         <td>network interface(s); default: <b>none</b></td>
         <td>List of domains to allow RFC1918 responses for.</td>
         <td>Prevent DHCP and DNS requests listening on these interfaces. Leave empty to listen on all interfaces.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Local Service Only</td>
         <td>Local Service Only</td>
         <td>off | on; default: <b>off</b></td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>Limit DNS service to subnets and interfaces on which this device is serving as a DNS server.</td>
         <td>Limit DNS service to subnets interfaces on which we are serving DNS.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Non-wildcard</td>
         <td>Log queries</td>
         <td>off | on; default: <b>on</b></td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>Binds only to specific interfaces rather than wildcard address.</td>
        <td>Write received DNS requests to syslog.</td>
    </tr>
    <tr>
        <td>Filter private</td>
        <td>off {{!}} on; default: <b>on</b></td>
         <td>Do not forward reverse lookups for local networks.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Listen Interfaces</td>
         <td>Localise queries</td>
         <td>network interface(s); default: <b>none</b></td>
        <td>off {{!}} on; default: <b>on</b></td>
         <td>Limits listening for DNS queries to interfaces specified in this field and loopback. Leave empty to listen on all interfaces.</td>
        <td>Localise hostname depending on the requesting subnet if multiple IPs are available.</td>
    </tr>
    <tr>
         <td>Additional servers file</td>
        <td>text file; default: <b>none</b></td>
         <td>Uploads an additional DNS servers file. This file may contain lines like 'server=/domain/1.2.3.4' or 'server=1.2.3.4' for domain-specific or full upstream DNS servers.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Exclude Interfaces</td>
         <td>Size of DNS query cache</td>
         <td>network interface(s); default: <b>none</b></td>
         <td>integer [0..10000]; default: <b>none</b></td>
         <td>Prevents listening for DNS queries on interfaces specified in this field. Leave empty to listen on all interfaces.</td>
         <td>Number of cached DNS entries (max is 10000, 0 is no caching).</td>
     </tr>
     </tr>
</table>
</table>


==Resolve and Hosts Files==
==HTTPS DNS Proxy==


The <b>Resolve and Hosts Files</b> section is used to configure the usage of these files:
Light-weight DNS-over-HTTPS, non-caching translation proxy for the RFC 8484 DoH standard. It receives regular (UDP) DNS requests and resolves them via DoH resolver.


<ul>
<b>Note:</b> IGMP Proxy is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.
    <li><b><i>/etc/hosts</i></b> - the hosts file; contains hostname/IP address combinations for DNS hostname resolution; it is always checked first;</li>
    <li><b><i>/etc/resolv.conf</i></b> - the resolve file; contains instructions that state the default search domain(s) that are used to complete a received query name into a fully qualified domain name (FQDN) when no domain suffix is provide.<br>Also contains a list of nameserver IP addresses for hostname resolution (DNS servers);</li>
    <li><b><i>/tmp/resolv.conf.auto</i></b> - alternative resolve file, used for public hostname resolutions. The path to this file can be changed from this section.</li>
</ul>


Refer to the table below for information on each configuration field.
===HTTPS DNS proxy configuration===


[[File:Networking_rutos_manual_dns_resolve_and_hosts_files.png|border|class=tlt-border]]
The <b>HTTPS DNS proxy configuration</b> section is used to enable the service. Refer to the table below for information on each configuration field.
 
[[File:Networking_rutos_manual_https_dns_proxy.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 109: Line 131:
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Ignore resolve file</td>
         <td>Enable</td>
         <td>off | on; default: <b>off</b></td>
         <td>off {{!}} on; default: <b>off</b></td>
         <td>When enabled, doesn't read upstream servers from <i>/etc/resolv.conf</i> which is linked to the resolve file by default.</td>
         <td>Enables HTTPS DNS proxy configuration.</td>
    </tr>
    <tr>
        <td>Resolve file</td>
        <td>text file; default: <b>none</b></td>
        <td>Specifies an alternate DNS resolve file to use instead of the default one (<i>/tmp/resolv.conf.auto</i>).</td>
    </tr>
    <tr>
        <td>Ignore /etc/hosts</td>
        <td>off | on; default: <b>off</b></td>
        <td>Local domain suffix appended to DHCP names and hosts file entries.</td>
    </tr>
    <tr>
        <td>Additional Hosts files</td>
        <td>text file; default: <b>none</b></td>
        <td>Uploads a hosts files to use in addition to <i>/etc/hosts</i>.</td>
     </tr>
     </tr>
</table>
</table>


==Advanced Settings==
===DNS over HTTPS resolvers===


The <b>Advanced Settings</b> section is used to set up some of the more specific DNS parameters. Refer to the table below for information on each configuration field.


[[File:Networking_rutos_manual_dns_advanced_settings.png|border|class=tlt-border]]
The <b>DNS over HTTPS resolvers</b> section is used to set up some of the more specific DNS parameters. Refer to the table below for information on each configuration field.
 
[[File:Networking_rutos_manual_dns_over_https_resolvers.png|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">
Line 143: Line 151:
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Filter private</td>
         <td>Preset</td>
         <td>off | on; default: <b>on</b></td>
         <td>Custom {{!}} Google {{!}} CloudFlare; default: <b>CloudFlare</b></td>
         <td>Do not forward reverse lookups for local networks.</td>
         <td>Presets for popular DNS over HTTPS resolvers. Use "Custom" to set your resolver.</td>
    </tr>
    <tr>
        <td>Filter useless</td>
        <td>off | on; default: <b>off</b></td>
        <td>When disabled, does not forward requests that cannot be answered by public name servers.</td>
    </tr>
    <tr>
        <td>Localise queries</td>
        <td>off | on; default: <b>on</b></td>
        <td>Localise hostname depending on the requesting subnet if multiple IPs are available.</td>
    </tr>
    <tr>
        <td>Expand hosts</td>
        <td>off | on; default: <b>on</b></td>
        <td>Adds local domain suffix to names served from the hosts file(s).</td>
    </tr>
    <tr>
        <td>No negative cache</td>
        <td>off | on; default: <b>off</b></td>
        <td>When disabled, does not cache negative replies, i.e., "no such domain" responses.</td>
    </tr>
    <tr>
        <td>Additional servers file</td>
        <td>text file; default: <b>none</b></td>
        <td>Uploads an additional DNS servers file. This file may contain lines like 'server=/domain/1.2.3.4' or 'server=1.2.3.4' for domain-specific or full upstream DNS servers.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Strict order</td>
         <td>Bootsrap DNS</td>
         <td>off | on; default: <b>off</b></td>
         <td>IPv4/IPv6 address; default: <b>depends on the service provider</b></td>
         <td>When enabled, DNS servers will be queried in the order of the resolve file.</td>
         <td>This DNS is used for the initial "Resolver URL" resolve.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>All Servers</td>
         <td>Resolver URL</td>
         <td>off | on; default: <b>off</b></td>
         <td>url; default: <b>depends on the service provider</b></td>
         <td>When enabled, queries all available upstream DNS servers.</td>
         <td>Resolver URL.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>Bogus NX Domain Override</td>
         <td>Port</td>
         <td>ip; default: <b>none</b></td>
         <td>integer [1..65535]; default: <b>depends on the service provider</b></td>
         <td>List of hosts that supply bogus NX domain results.</td>
         <td>Internal port used for this resolver. Change only if it collides with existing ports on this device.</td>
     </tr>
     </tr>
     <tr>
     <tr>
         <td>DNS server port</td>
         <td>Actions</td>
         <td>integer [0..65535]; default: <b>none</b></td>
         <td>-interactive button; default: <b>Delete</b></td>
         <td>Listening port for inbound DNS queries.</td>
         <td>Deletes the preset.</td>
    </tr>
    <tr>
        <td>DNS query port</td>
        <td>integer [0..65535]; default: <b>none</b></td>
        <td>Fixed source port for outbound DNS queries.</td>
    </tr>
    <tr>
        <td>Max. EDNS0 packet size</td>
        <td>integer [0..9999999999999999]; default: <b>none</b></td>
        <td>Maximum allowed size of Extension Mechanisms for Domain Name System.0 UDP packets.</td>
    </tr>
    <tr>
        <td>Max. concurrent queries</td>
        <td>integer [0..9999999999999999]; default: <b>none</b></td>
        <td>Maximum allowed number of concurrent DNS queries.</td>
    </tr>
    <tr>
        <td>Size of DNS query cache</td>
        <td>integer [0..10000]; default: <b>none</b></td>
        <td>Number of cached DNS entries. Set to 0 for no caching.</td>
     </tr>
     </tr>
</table>
</table>
<b>Note:</b> If more than one resolver is specified then the first is used as the main one and others are used as failovers.


[[Category:{{{name}}} Network section]]
[[Category:{{{name}}} Network section]]

Latest revision as of 10:47, 30 August 2024

The information in this page is updated in accordance with firmware version .

Summary

The DNS page is used to to set up how the device utilizes its own and other DNS servers.

This manual page provides an overview of the DNS windows in {{{name}}} devices.

If you're having trouble finding this page or some of the parameters described here on your device's WebUI, you should turn on "Advanced WebUI" mode. You can do that by clicking the "Advanced" button, located at the top of the WebUI.

General Settings

The General Settings section is used to set up the main DNS parameters. Refer to the table below for information on each configuration field.

Field Value Description
Inherited DNS servers Inherited server list DNS Servers that were inherited from WAN interfaces.
DNS servers IP address (ip); default: none List of DNS servers to forward requests to. See the dnsmasq -S option man page for syntax details. Specify servers to complement inherited ones.
Static addresses Hostname (domain name) | IP address (ip); default: none List of IP addresses for queried domains. See the dnsmasq -A option man page for syntax details.
Rebind protection off | on; default: on Discards upstream RFC1918 responses. When enabled, the device will not resolve domain names for internal hosts.

Advanced Settings

The Advanced Settings section is used to set up some of the more specific DNS parameters. Refer to the table below for information on each configuration field.

Field Value Description
Custom redirect Hostname (domain name) | IP address (ip); default: none Specify server for a domain. This is intended for private nameservers.
Listen Interfaces network interface(s); default: none Limit DHCP and DNS requests listening to these interfaces, and loopback. Leave empty to listen on all interfaces.
Exclude Interfaces network interface(s); default: none Prevent DHCP and DNS requests listening on these interfaces. Leave empty to listen on all interfaces.
Local Service Only off | on; default: off Limit DNS service to subnets interfaces on which we are serving DNS.
Log queries off | on; default: off Write received DNS requests to syslog.
Filter private off | on; default: on Do not forward reverse lookups for local networks.
Localise queries off | on; default: on Localise hostname depending on the requesting subnet if multiple IPs are available.
Additional servers file text file; default: none Uploads an additional DNS servers file. This file may contain lines like 'server=/domain/1.2.3.4' or 'server=1.2.3.4' for domain-specific or full upstream DNS servers.
Size of DNS query cache integer [0..10000]; default: none Number of cached DNS entries (max is 10000, 0 is no caching).

HTTPS DNS Proxy

Light-weight DNS-over-HTTPS, non-caching translation proxy for the RFC 8484 DoH standard. It receives regular (UDP) DNS requests and resolves them via DoH resolver.

Note: IGMP Proxy is additional software that can be installed from the System → [[{{{name}}} Package Manager|Package Manager]] page.

HTTPS DNS proxy configuration

The HTTPS DNS proxy configuration section is used to enable the service. Refer to the table below for information on each configuration field.

Field Value Description
Enable off | on; default: off Enables HTTPS DNS proxy configuration.

DNS over HTTPS resolvers

The DNS over HTTPS resolvers section is used to set up some of the more specific DNS parameters. Refer to the table below for information on each configuration field.

Field Value Description
Preset Custom | Google | CloudFlare; default: CloudFlare Presets for popular DNS over HTTPS resolvers. Use "Custom" to set your resolver.
Bootsrap DNS IPv4/IPv6 address; default: depends on the service provider This DNS is used for the initial "Resolver URL" resolve.
Resolver URL url; default: depends on the service provider Resolver URL.
Port integer [1..65535]; default: depends on the service provider Internal port used for this resolver. Change only if it collides with existing ports on this device.
Actions -interactive button; default: Delete Deletes the preset.

Note: If more than one resolver is specified then the first is used as the main one and others are used as failovers.

[[Category:{{{name}}} Network section]]