Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

Differences in Revisions: DNS Configuration

»
Add image of the config section
# DNS configuration
 
When you install IPFire, you configure DNS name servers either manually or get them assigned via DHCP from your provider.
 
In this section you can take some very important settings how your system and networks will use the Domain Name System.
 
### Use ISP-assigned DNS servers
This option allows you to enable or disable the usage of your local ISP-assigned DNS servers.
 
As default this feature is enabled and can not be used together with TLS.
 
If you anyway want to use the DNS servers of your ISP you still can add them manually and add the required TLS hostname information to get them to work.
 
### Protocol for DNS queries
This dropdown box allows to specify the protocol which will be used to send DNS queries to
the used DNS servers.
 
The following protocols can be selected:
 
* UDP: Send the queries by using UDP (default)
* TCP: Send queries by using TCP
* TLS: Use Transport-Layer-Security to send encrypted queries
 
The choosen protocol will be the same for all used servers.
 
### Enable Safe Search
For those of you who are running IPFire in a school or at home with children, you can now enable Safe Search for multiple search engines and YouTube. If Safe Search is enabled, all adult and violent content will be filtered in the search results.
 
### QNAME Minimisation
To protect your privacy, the DNS proxy inside IPFire strips away any part of the domain name that is not required to resolve the query.
 
This feature is enabled by default and can be switched from the standard to the stricter mode which works according to RFC 7816, but might make some records unresolvable if the upstream name server does not respond according to the standard.
 
![](dns_config.png)
![](./dns_config.png)