Blue - no Acces to WLAN/private DNS

Networking
1

Hello,

i am using the blue interface without problems using standard DNS on my mobile. As soon as i change the DNS to mullvad (443) or dismail, digitalcourage (853) etc, i do not get any connection to my WLAN. My mobile complains about not having accsess to the private DNS.

I do not have any special Rules or did not open any ports. Is that the reason? Do i have to open Port 443/853? I already did try the rule
From: Blue
To: ALL
Protocoll: DNS

without any success.

Perhaps there is somone who might know the answer.

Thanks a lot.

Bildschirmfoto vom 2022-12-01 13-13-23
Bildschirmfoto vom 2022-12-01 13-13-23918×118 11.7 KB

2

Hi

Have you read the following wiki page:

Regards

3 Likes
3

I seem to remember DNS using both TCP and UDP. In your rules only TCP is present.

This sentence doesn’t quite make sense to me. I am not sure why you’d be using port 443 or mullvad for DNS…

EDIT:
It might help to go into more detail about what you are trying to accomplish. You should be able to add the outside DNS server to the DNS WebGUI (at https://ipfire.localdomain:444/cgi-bin/dns.cgi ) and things should work.

1 Like
4

i did follow the instructions on the wiki page. That seems to work. The DNS in the Web UI was already set correctly.

Bildschirmfoto vom 2022-12-01 19-15-37
Bildschirmfoto vom 2022-12-01 19-15-37950×131 10.8 KB

This should be Fine? (DNS all = (DNS TCP 53 + DNS UDP 53) according to the instruction. This is no security problem though?

5

:thinking: Maybe the following services are involved

1
port 443 - DOH
port 853 - DOT

2
Mullvad DNS
The Swedish VPN company Mullvad offers a free public DNS resolver. It supports DNS over HTTPS and DNS over TLS. They also offer a resolver with ad protection and one without. The list of blocked domains for the DNS protection is maintained on GitHub.

Digitalcourage
Digitalcourage is a non-profit organization from Germany that operates a public DNS resolver. The resolver is hosted in Germany and supports DNS-over-TLS. The site that explains the service is only available in German language.

Dismail
Free DNS Resolver without user logging, no Marketing driven typo interception …

3 Likes
6

according toThis Site Mullvad DNS is using Port 443 for DNS over HTTPS. But 853 for DNS over TLS. You’re right.

7

Supplementary reading

3 Likes
8

I think there are two problems:

  • Setting up IPFire DNS the right way. You are on a good way, if you use the recommended services mentioned in the wiki.
  • Struggling with the oddities of smartphone OSs. They sometimes resist to use the DNS (and NTP) server published in the DHCP answer. One possible solution is forcing to use the local IPFire servers. Topic “Redirect rules”.

The ‘ignorance’ of these OSs can be seen rather good, if you log the redirects. The devices try with high frequency to get in contact with their favourite server, until they give up and use the information got since the first request. That is my observation.

5 Likes