
No DNS Proxy option on Interface 7.1.x firmware

I am running Version 7.1.x firmware. I'm trying to set up a DNS proxy. The tutorial here https://www.sonicwall.com/support/knowledge-base/configuring-dns-proxy-in-sonic-os/170505634644040/ says that I need to turn it on for the interface. I'm not seeing the option on 7.1.x firmware, however.

"CAUTION:

To enable the DNS Proxy feature to use the SonicWall as DNS, you will need to enable the DNS Proxy settings on the Advanced option of the Interface."

Category: Mid Range Firewalls

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    @clcventura DNS proxy changed in 7.1 and you need to activate it at Policy → Rules and Policies → DNS Rules.

    For each Zone/Interface you need to create a DNS Policy of Action "Proxy". If you have licensed the additional DNS Security Service you might create Filter actions as well, otherwise it's limited to Proxy.

    Check for reference (page 30 and up).

    https://www.sonicwall.com/techdocs/pdf/sonicos-7-1-dns.pdf

    —Michael@BWC

  • clcventura Newbie ✭

    I think I have done this, but it is still not working. I am trying to have the iCloud relay go to a sinkhole instead.

    In the manual, it has these two steps:

    "For DNS over UDP requests only, select Enforce DNS Proxy for All DNS Requests. This option is not
    selected by default"

    "For DNS over UDP requests only, select Enable DNS Proxy Cache. This option is not selected by
    default."

    I'm not seeing those options though. Everything worked correctly until I upgraded to 7.1.x and lost the option to turn on DNS Proxy on the interface on the network page.

  • BWC Cybersecurity Overlord ✭✭✭
    edited July 26

    The two options you've mentioned are under Network → DNS → DNS Proxy, but as described they only work for DNS over udp/53.

    If you have your Access Rules allowing DoT, DoH or DoWhatever then the DNS Proxy might not see the traffic at all.

    How do you plan to sinkhole the requests? Keep in mind the built-in DNS security is no longer working if not licensed.

    I guess by having static DNS entries for the related icloud.com records pointing to 127.0.0.1 or something?
    

    —Michael@BWC
