Readers will learn how the DNS forwarding feature works in EdgeOS and how to configure DNS forwarding using the CLI.
DNS Forwarding on EdgeOS
The EdgeRouter forwards the DNS request from the client to a public DNS server.
EdgeOS includes a DNS forwarding service based on dnsmasq that is consulted when clients use the EdgeRouter as a DNS server. The dnsmasq service runs in the background and will forward all client DNS queries to the specified DNS server(s).
There are two methods that can be used to provide DNS services to clients:
- Global: Provide clients global DNS server(s) using DHCP. In this case, the EdgeRouter's DNS forwarding service is not consulted.
- Local: Provide clients the EdgeRouter's IP address as the DNS server. In this case, the DNS forwarding service is used and all client DNS requests are forwarded.
The latter method is advantageous because the EdgeRouter can cache the DNS information for the clients. If one client has previously resolved the IP address of a website, the next client will be able to access that IP slightly faster by resolving the address locally from the EdgeRouter rather than remotely from a global DNS server. Another benefit of using local DNS forwarding in EdgeOS is the option to resolve local hostnames easily when also using dnsmasq for DHCP. This is explained further in our DHCP Server using Dnsmasq article.
Most Common DNS Forwarding Options
Some of the options below are implemented when using a setup wizard to configure your router; however, they are detailed here for further explanation. These steps may also be useful to further customize your EdgeOS configuration after running the Basic Setup wizard. There is more information about the setup wizard in the Beginners Guide to EdgeRouter article.
Modifying the cache size
The default cache size is set to 150. It is possible to increase the size to 1000 or higher so that more queries can be answered locally from the cache.
set service dns forwarding cache-size <nr>
Defining the listening interfaces
Pick one of the two commands below to define which interfaces are allowed to forward DNS requests. The listen-on command specifies which interfaces are allowed; all other interfaces are denied:
set service dns forwarding listen-on <interface>
The except-interface command defines which interface is denied; all other interfaces are allowed:
delete service dns forwarding listen-on
set service dns forwarding except-interface <interface>
Defining the name servers
The EdgeRouter will use either manually configured or automatically obtained DNS servers to forward the client requests. The setting below allows the EdgeRouter to use the ISP-provided DNS server(s) for DNS forwarding. This option is the default when using the Basic Setup wizard with DHCP selected as the Internet connection-type.
set service dns forwarding dhcp <interface>
To manually define the DNS servers, use the name-server command.
set service dns forwarding name-server <ip-address>
The configuration below allows the EdgeRouter to use the DNS servers defined in the system settings for DNS forwarding.
set service dns forwarding system
set system name-server <ip-address>
Use the commands below to verify the servers that are used for DNS forwarding and the statistics:
show dns forwarding nameservers
show dns forwarding statistics
Customizing the DNS Forwarding Options
This section will show a few DNS forwarding options possible using the EdgeOS CLI commands. This is not a fail-safe way to block or filter all traffic to a specific address.
Forwarding URLs to a specific IP
This example answers DNS queries for domain.com with the internal IP 192.168.1.10, which could be a web server or similar device, so that client traffic for domain.com is sent to that device.
set service dns forwarding options address=/domain.com/192.168.1.10
Forwarding a domain to another DNS server
This example allows all DNS queries for a specific domain to be forwarded to another DNS server.
set service dns forwarding options server=/domain.local/192.168.1.10
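The script below is an added example, not part of the original article or of EdgeOS. It reads the `set service dns forwarding ...` lines from `show configuration commands` output, works out which interfaces answer DNS under the listen-on (allow list) and except-interface (deny list) rules described above, and lists any address= and server= overrides. The interface names, the WAN/LAN roles, and the sample configuration are constructed assumptions.

```python
import re
# Constructed sample of `show configuration commands` output (not from a real router).
SAMPLE_CONFIG = """\
set interfaces ethernet eth0 description WAN
set interfaces ethernet eth1 description LAN
set interfaces ethernet eth2 description GUEST
set service dns forwarding cache-size 1000
set service dns forwarding except-interface eth2
set service dns forwarding name-server 192.0.2.53
set service dns forwarding options address=/domain.com/192.168.1.10
set service dns forwarding options server=/domain.local/192.168.1.10
"""
PREFIX = "set service dns forwarding "

def parse_forwarding(config_text):
    """Collect the DNS forwarding settings from `set` command lines."""
    cfg = {"listen-on": [], "except-interface": [], "name-server": [],
           "options": [], "cache-size": None}
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        key, _, value = line[len(PREFIX):].partition(" ")
        value = value.strip("'\"")
        if key == "cache-size":
            cfg[key] = int(value)
        elif key in cfg:
            cfg[key].append(value)
    return cfg

def listening_interfaces(cfg, all_interfaces):
    """listen-on is an allow list; except-interface is a deny list."""
    if cfg["listen-on"]:
        return [i for i in all_interfaces if i in cfg["listen-on"]]
    # No listen-on: every interface answers except the excluded ones.
    # Assumption: with neither option set, all interfaces answer (dnsmasq default).
    return [i for i in all_interfaces if i not in cfg["except-interface"]]

def audit(config_text, all_interfaces, wan_interfaces):
    """Return (interfaces answering DNS, findings worth reviewing)."""
    cfg = parse_forwarding(config_text)
    listening = listening_interfaces(cfg, all_interfaces)
    exposed = [i for i in listening if i in wan_interfaces]
    findings = ["forwarder answers on WAN: " + ", ".join(exposed)] if exposed else []
    for opt in cfg["options"]:
        m = re.fullmatch(r"(address|server)=/([^/]+)/(.+)", opt)
        if m:  # per-domain overrides change what clients resolve
            findings.append(f"{m.group(1)} override for {m.group(2)} -> {m.group(3)}")
    return listening, findings
```

With the constructed sample, `audit(SAMPLE_CONFIG, ["eth0", "eth1", "eth2"], ["eth0"])` reports that except-interface eth2 leaves the forwarder answering on eth0 as well as eth1; replacing that line with `listen-on eth1` removes the WAN finding.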