During IPFire installation the DNS servers are added manually or they could be assigned via DHCP from the ISP provider.
This section finishes the DNS server setup with a few important settings. This enables (or not) how the system and networks use the Domain Name System.
Use ISP-assigned DNS servers
This option allows you to enable or disable the usage of your local ISP-assigned DNS servers.
As default this feature is enabled and can not be used together with TLS.
Note: If you want to use the DNS servers of your ISP anyway with TLS, manually add the ISP DNS servers along with the required TLS hostname information.
Protocol for DNS queries
Specify the protocol used to send DNS queries to the enabled DNS servers.
The following protocols can be selected:
- UDP: Send the queries by using UDP (default)
- TCP: Send queries by using TCP
- TLS: Use Transport-Layer-Security to send encrypted queries
The chosen protocol will be the same for all DNS servers.
Enable Safe Search
For those of you who are running IPFire in a school or at home with children, you can now enable Safe Search for multiple search engines and YouTube. If Safe Search is enabled, all adult and violent content will be filtered in the search results.
For more details see How does Safe Search work? blog article.
Include YouTube in Safe Search
If Safe Search is enabled, all adult and violent content will be filtered in the search results.
QNAME Minimisation
To protect your privacy, the DNS proxy inside IPFire strips away any part of the domain name that is not required to resolve the query.
This feature is enabled by default and can be switched from the Standard to the Strict mode which works according to RFC 7816. This might make some records unresolvable if the upstream name server does not respond according to this standard.