New Content #12883
closed
Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
100%
Description
Page: https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-host-overrides.html
Feedback:
I have been struggling with Host Overrides not appearing to work for quite a while now. Finally got it resolved. For details, see https://forum.netgate.com/topic/170227/host-overrides-are-not-resolving-used-to
A single footnote could have saved a few years of frustration and a few days of diagnostics.
What I'd love to see is a troubleshooting footnote on this page that says if DNS appears to be working, but Host Overrides are not, then it's likely a browser or some intermediate networking device has DNS Over HTTPS turned on. (Thus, the DNS isn't being resolved by pfSense.)
( The solution is to turn it off. Or, get pfSense to do the DNS encryption, not a upstream device. An example of how to do that resides at https://www.netgate.com/blog/dns-over-tls-with-pfsense )
Updated by Jim Pingle almost 3 years ago
- Tracker changed from Todo to New Content
- Subject changed from Feedback on Services — DNS Resolver — Host Overrides to Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
Updated by Chris W almost 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 50
Updated by Jim Pingle almost 3 years ago
- Status changed from Feedback to Pull Request Review
Updated by Jim Pingle almost 3 years ago
- Status changed from Pull Request Review to New
- Assignee set to Jim Pingle
- % Done changed from 50 to 0
Updated by Jim Pingle almost 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
This should hopefully cover the topic in a few relevant places with minimal repetition:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/ddd68c197c44fc371daf5c26cc025749482f22c1