DNS Filter doesn't work when using Internal DNS server, what can I do?
DNS Filter is the feature that filters HTTPS websites by examining and intercepting DNS queries. Some network administrators set up their own DNS server for private domains and force LAN clients to use that internal DNS server. In this scenario they will find that DNS Filter does not work, because the Vigor router no longer receives the DNS queries from LAN clients: DNS queries and responses travel directly between the LAN client and the internal DNS server, not through the Vigor router.
To solve this issue, we suggest the following:
- Force LAN clients to use public DNS server.
- Use DNS Forwarding to forward DNS queries for private domain names to the internal DNS server.
Force LAN Clients to Use Public DNS Server
Go to the LAN >> General Setup page, click Details Page for LAN1, and enter the public DNS server IP for LAN DHCP clients.
Set Up DNS Forwarding
Go to the Applications >> LAN DNS / DNS Forwarding page and click an index to create a LAN DNS Forwarding profile.
a. Select Conditional DNS Forwarding tab
b. Tick Enable
c. Enter Profile name
d. Enter the private Domain Name; use an asterisk as a wildcard to cover subdomains, such as *.example.com
e. In DNS Server IP Address, enter the IP of the internal DNS server that can resolve the configured domain names
f. Click OK to save it
After finishing the above configuration, DNS queries from LAN clients are handled by the router: DNS Filter can filter the HTTPS websites, and DNS Forwarding forwards the queries for internal domains to the internal DNS server. LAN clients can therefore access the internal domains and still be inspected by DNS Filter.
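
To sanity-check a planned setup before changing the router, the following added example (not DrayTek code) models the two points above: which client DNS settings keep queries away from the router, and which server a conditional forwarding profile would select for a name. All IP addresses are constructed sample values, and the wildcard matching rule is an assumption about how `*.example.com` is interpreted.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample values (not from the original page).
LAN_CIDR = "192.168.1.0/24"
ROUTER_IP = "192.168.1.1"
INTERNAL_DNS = "192.168.1.10"
PUBLIC_DNS = "8.8.8.8"
# (domain pattern, DNS server) pairs, like a Conditional DNS Forwarding profile.
PROFILES = [("*.example.com", INTERNAL_DNS)]


def dns_servers_bypassing_router(lan_cidr, router_ip, client_dns_servers):
    """Return the client DNS servers that sit on the LAN itself.

    Queries to these hosts go client-to-server on the local segment, so the
    router never receives them and cannot inspect them.
    """
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    router = ipaddress.ip_address(router_ip)
    return [s for s in client_dns_servers
            if ipaddress.ip_address(s) in lan and ipaddress.ip_address(s) != router]


def pick_upstream(qname, profiles, default_upstream):
    """Model of conditional forwarding: the first matching pattern wins.

    Assumption: '*' covers any leading labels (nested subdomains included),
    matching is case-insensitive, and the bare domain is not matched.
    """
    name = qname.rstrip(".").lower()
    for pattern, server in profiles:
        if fnmatchcase(name, pattern.lower()):
            return server
    return default_upstream


if __name__ == "__main__":
    for dns in ([INTERNAL_DNS], [PUBLIC_DNS]):
        hidden = dns_servers_bypassing_router(LAN_CIDR, ROUTER_IP, dns)
        print(dns, "-> router sees queries:", not hidden)
    for q in ("intranet.example.com", "www.example.org"):
        print(q, "->", pick_upstream(q, PROFILES, PUBLIC_DNS))
```
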