How to configure DNS Proxy on the Omada Gateway
Contents
Configuration for A Normal DNS Proxy
Configuration for A Secure DNS Proxy
This article mainly introduces the mode and configuration of the DNS Proxy function of the Omada Gateways.
- Omada Controller (software Controller / hardware Controller / CBC, V5.8 and above)
- Omada Gateway
The DNS Proxy function can work in two modes, which cannot take effect simultaneously.
- Normal DNS Proxy: Normal DNS requests from the client to the gateway are proxied to the DNS server configured on the WAN port, and the received normal DNS responses are forwarded to the client.
- Secure DNS Proxy: The normal DNS request sent from the client to the gateway is added with security extension (DNSSEC) or encryption (DoT/DoH) and sent to a specially configured DNS server, and the received normal DNS responses that have passed security verification (DNSSEC) or decryption (DoT/DoH) are forwarded to the client.
Configuration for A Normal DNS Proxy
This section will introduce the configuration for a normal DNS Proxy.
Step 1. On the controller’s management page, go to Settings > Wired Networks > Internet, and click the Edit button of the WAN port connecting to the ISP to enter its configuration page. Choose the dial-up method according to the access method provided by the ISP, then fill in the IP addresses of the DNS servers you want to use in the Primary DNS Server/Secondary DNS Server fields, such as 8.8.8.8/8.8.4.4 for public DNS servers.
Step 2. Go to Devices > Gateway > Details, and click the corresponding WAN port to view the obtained DNS server.
If Primary DNS/Secondary DNS was not configured in Step 1, the displayed DNS server will be the one automatically obtained through dial-up.
Step 3. Make sure that the LAN network is not manually configured with a DNS server. Go to Wired Networks > LAN and select the corresponding LAN network to ensure that the DNS Server is configured as Auto. Also, confirm that the DNS server obtained by the client PC’s network adapter is the LAN IP address, such as 192.168.0.1.
Configuration for A Secure DNS Proxy
Note: The secure DNS proxy performs security verification based on the real time. Ensure that the controller’s system time is synchronized with the NTP server.
Step 1. On the Controller management page, go to Settings > Site > Site Configuration > Time Zone to confirm the time zone is correct.
Step 2. In Global View, go to Settings > System Settings to check the controller’s time.
Step 3. Choose the secure DNS Proxy feature you want to use.
Omada gateways offer three secure DNS Proxy features: DNSSEC, DOH, and DOT. Please note that they cannot take effect simultaneously, so choose the feature that suits your needs.
- DNSSEC. Go to Settings > Services > DNS Proxy to enable the DNS Proxy, select DNSSEC as the Proxy Type, and set your desired DNS server (e.g., Google's DNS server - 8.8.8.8 and 8.8.4.4). Ensure that your custom DNS server supports DNSSEC security validation; otherwise, it won't proxy DNS requests unless you configure Action Bogus Replies as Pass. If Action Bogus Replies is configured as Drop, it will discard DNS responses that fail DNSSEC security validation.
- DOH. Go to Settings > Services > DNS Proxy to enable the DNS Proxy, select DOH as the Proxy Type, select your desired default or custom DNS server, and click Save. If you want to customize a DNS server, follow the format shown in the above image. Ensure that the DNS server you input supports DOH.
- DOT. Go to Settings > Service > DNS Proxy to enable the DNS Proxy, select DOT as the Proxy Type, select your desired default or custom public DNS server, and click Save. Note that DOT DNS servers only support IP address types, and ensure that the server you input supports DOT.
Step 4. Make sure that the LAN network is not manually configured with a DNS server. Go to Wired Networks > LAN and select the corresponding LAN network to ensure that the DNS Server is configured as Auto. Also, confirm that the DNS server obtained by the client PC’s network adapter is the LAN IP address, such as 192.168.0.1.
The content above introduces the detailed configuration steps of the DNS Proxy function on the Omada Gateways.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.
Why can't I access the internet after configuring a normal DNS proxy?
Re. First, confirm your network connectivity. Then, use the following command in your PC's cmd tool to verify that the DNS server you configured is working correctly: nslookup + domain name + DNS server.
For example: nslookup www.google.com 8.8.8.8
Why can't I access the internet after configuring a secure DNS proxy?
Re. First, confirm your network connectivity.
Then, make sure that the time on your gateway is synchronized with that of your time zone. If you are using a custom DNS server, ensure that it supports the DNSSEC/DOH/DOT features. If you are not sure about this, try using the default DNS server.