Feature #10931

closed

system.php: Add option to omit DNS Servers from resolv.conf

Added by Jim Pingle over 3 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Normal
Category: Web Interface
Start date: 09/25/2020
% Done: 100%

Description

Some users prefer that the system only use the DNS Resolver/Forwarder for DNS resolution, rather than the entries in resolv.conf. One example use case is when all DNS from the firewall should use DNS over TLS. If the DNS Resolver is temporarily unavailable, the system could skip the DNS Resolver and send queries directly in the clear.

Currently there is an option to not use the DNS Forwarder/Resolver, which should be changed to a drop-down menu with the following entries:

Firewall DNS Resolution Behavior

  • Use DNS Resolver/Forwarder (127.0.0.1), fall back to DNS Servers (Default)
    • This option is the same as the current default with the box unchecked (resolv.conf has 127.0.0.1 then other DNS servers)
  • Use DNS Resolver/Forwarder (127.0.0.1), ignore DNS Servers
    • This option would change resolv.conf to only contain 127.0.0.1 and no other servers
  • Use DNS Servers, ignore DNS Resolver/Forwarder
    • This option is the same as if the current box is checked (resolv.conf has the DNS servers listed, but not 127.0.0.1)

Also needs upgrade code to change the current option into the new format.
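
As an added example (not part of the issue or of pfSense's code), the shell functions below classify a resolv.conf into the three behaviors listed above and report whether the system could send queries to servers other than 127.0.0.1. The mode names, function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not pfSense code. Mode names are hypothetical labels for the
# three "Firewall DNS Resolution Behavior" entries described in the issue.

# Print active nameserver addresses in file order. Commented-out lines are
# skipped because their first field is not exactly "nameserver".
nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Map a resolv.conf to one of the three behaviors.
classify_resolv_conf() {
    local_seen=0
    remote_seen=0
    for ns in $(nameservers "$1"); do
        case "$ns" in
            127.0.0.1) local_seen=1 ;;   # DNS Resolver/Forwarder
            *)         remote_seen=1 ;;  # any configured DNS Server
        esac
    done
    case "$local_seen$remote_seen" in
        11) echo "resolver-with-fallback" ;;  # default: 127.0.0.1 then DNS servers
        10) echo "resolver-only" ;;           # only 127.0.0.1
        01) echo "servers-only" ;;            # DNS servers, no 127.0.0.1
        *)  echo "no-nameservers" ;;
    esac
}

# Succeeds only when every query must go through the local resolver, which is
# the property the DNS over TLS use case depends on.
dot_only_ok() {
    [ "$(classify_resolv_conf "$1")" = "resolver-only" ]
}

# Constructed sample files (192.0.2.53 is a documentation address).
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$tmp/fallback.conf"
printf 'nameserver 127.0.0.1\n' > "$tmp/local.conf"
printf 'nameserver 192.0.2.53\n' > "$tmp/servers.conf"
for f in "$tmp"/*.conf; do
    if dot_only_ok "$f"; then verdict="no cleartext fallback"; else verdict="can bypass resolver"; fi
    printf '%s: %s (%s)\n' "$(basename "$f")" "$(classify_resolv_conf "$f")" "$verdict"
done
rm -rf "$tmp"
```

Pointing `dot_only_ok` at the live `/etc/resolv.conf` gives a quick check that the "ignore DNS Servers" behavior is actually in effect.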
