Force clients to use IPFire's DNS proxy

Could this be added as a default firewall rule?
That could be enabled from the firewall rules?


What??? :crazy_face:

Firewall rule: block DNS from any subnet you want to RED
DHCP: configure DNS server address with your IPFire IP

Hi Shaun,

You cannot create a firewall rule to distribute the DNS server to your clients on the network.
But like Terry wrote: you can create a firewall rule to block all DNS traffic except for your dedicated DNS server.
To distribute your DNS proxy to your clients, have a look at your DHCP server configuration page.
Here you have the option to define 2 DNS servers for your network.

Hope that answered your question.


Yes. I saw that in the Wiki.
Can it be added as a built-in rule, that is, in the firewall list, so you only have to enable it?
If computers are bypassing IPFire's DNS, it seems to me that my network is less secure.
If you are using DNS over TLS, I will need firewall rules for that.
And will I then need to block DNS on port 53 with more firewall rules?

I use a Pi-hole as my only DNS server for all non-core devices but there are still some devices that insist on trying to use "their own choice of DNS server". Yes, sit down Android, you're one of the worst offenders. It may be the OS or simply some apps but I'm convinced there are some devices/apps that are using DNS for more than just name lookups. I've taken to blocking all DNS lookups from non-core devices on IPFire; you use my choice of DNS or nothing at all. I've yet to find anything that's majorly broken and I've even given up logging attempted use of as there's simply too much 'noise'.

I agree that it is next to impossible to stop things from bypassing your DNS server.
I'm sure that is why DNS over TLS is the big push and not DoH (no easy way to stop DoH).
When they add DNS over TLS, I may point Pi-hole to IPFire's DNS.
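As an added illustration (not code from the thread or from the IPFire project) of Terry's "block DNS to RED, hand out IPFire's IP via DHCP" rule and of the later question about DNS over TLS on port 853: a small model of the policy, the equivalent iptables lines, and a check over some constructed connection records showing which clients are trying to bypass the proxy. The green address, subnet, interface name and the flow records are all assumed.

```python
import ipaddress
from typing import List, Tuple

# Assumed values: IPFire's green-side address and the green subnet.
IPFIRE_GREEN_IP = ipaddress.ip_address("192.168.1.1")
GREEN_NET = ipaddress.ip_network("192.168.1.0/24")
# (proto, port) pairs treated as DNS: plain DNS on 53 and DNS-over-TLS on 853.
DNS_PORTS = {("udp", 53), ("tcp", 53), ("tcp", 853)}


def dns_verdict(src: str, dst: str, proto: str, dport: int) -> str:
    """Verdict for one packet from a client: DNS is ACCEPTed only when it is
    addressed to the IPFire proxy itself; DNS to any other destination
    (i.e. on its way out to RED) is DROPped. Non-DNS traffic is untouched."""
    if (proto, dport) not in DNS_PORTS:
        return "ACCEPT"
    if ipaddress.ip_address(src) not in GREEN_NET:
        return "ACCEPT"          # policy only covers the green subnet
    if ipaddress.ip_address(dst) == IPFIRE_GREEN_IP:
        return "ACCEPT"          # talking to IPFire's own DNS proxy
    return "DROP"


def iptables_rules(red_iface: str = "red0") -> List[str]:
    """Equivalent hand-written iptables lines (illustration; IPFire's web UI
    manages its own chains). Dropping in FORWARD towards the RED interface
    leaves DNS to IPFire's own address alone, since that hits INPUT instead."""
    return [
        f"iptables -A FORWARD -s {GREEN_NET} -o {red_iface} "
        f"-p {proto} --dport {port} -j DROP"
        for proto, port in sorted(DNS_PORTS)
    ]


# Constructed flow records: (src, dst, proto, dport).
SAMPLE_FLOWS: List[Tuple[str, str, str, int]] = [
    ("192.168.1.10", "192.168.1.1", "udp", 53),    # well-behaved client
    ("192.168.1.20", "8.8.8.8", "udp", 53),        # Android-style bypass attempt
    ("192.168.1.44", "1.1.1.1", "tcp", 853),       # DoT straight to RED
    ("192.168.1.20", "93.184.216.34", "tcp", 443), # ordinary HTTPS, not DNS
]


def bypassing_clients(flows) -> List[str]:
    """Sorted, de-duplicated list of green clients whose DNS would be dropped."""
    return sorted({src for src, dst, proto, port in flows
                   if dns_verdict(src, dst, proto, port) == "DROP"})
```

Pair the rules with the DHCP page handing out 192.168.1.1 as the DNS server, as the replies describe; the bypass list is the set of devices worth looking at once the rule is in place.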