DNS Proxy Issue

2026-01-29 01:15:52 - last edited 2026-03-31 03:43:14

Hi,

 

I won't say this isn't me, but wink

 

I am setting the Gateway DNS Proxy, to re-route all requests to my (internal) DNS server. If I point to my server using DNS Override, it works great (I only have 1 network, selecting that one). But ... if I try to use DNSSEC or DoT, it doesn't seem to - but I can confirm (using dig), that DNS requests to that same server do work with DNSSEC or DoT. Is this a known bug?

 

Thanks!

#1
2 Accepted Solutions
Re:DNS Proxy Issue-Solution
2026-02-05 06:55:22 - last edited 2026-03-31 03:43:14

Hi  @arrmo 

 

Could you please let us know what type of controller you are using?

We recommend submitting a support ticket via email for efficient assistance.
Please include the following information in the email:
1. This Forum ID 856282;
2. your community nickname;
3. The type of controller you are using;
4. The config file of the controller.

Recommended Solution
#6
Re:DNS Proxy Issue-Solution
Yesterday - last edited Yesterday

  @arrmo 

 

All these options simply send port 53 DNS requests somewhere else.

 

DNS Override just forwards the original port 53 request to another server, which can be inside or outside your network.

The other 'Proxy' options (DNSSEC, DoT and DoH) repackage the unencrypted Port 53 DNS request into the selected secure format and then forward it to your chosen proxy, then receive the encrypted response, unpack it and send the unencrypted response back to the originating device on port 53.

So, NONE of these options will forward, redirect or proxy DNSSEC, DoT or DoH requests (because you can't without impersonating the SSL cert of each provider).

Recommended Solution
#13
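
As an added illustration (not part of the thread and not the gateway's firmware code), this Python sketch shows what "repackaging" a port 53 query means at the wire level under the DNS RFCs: the DNSSEC-OK request adds an EDNS0 OPT record with the DO bit, and DoT sends the same message with a 2-byte length prefix over TLS on port 853. All function names are hypothetical, `example.com` is a constructed sample, and `forward_over_dot` needs a reachable DoT server whose certificate matches `upstream_name`.

```python
import socket
import ssl
import struct

def build_query(name, qtype=1, dnssec_ok=False, txid=0x1234):
    """Plain DNS query in the wire format a client sends to port 53."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # Header: id, flags (RD set), 1 question, 0 answers, 0 authority, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if dnssec_ok else 0)
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if dnssec_ok:
        # EDNS0 OPT record: root name, type 41, UDP size 1232, ext-rcode 0,
        # version 0, flags with DO (0x8000) set, empty RDATA.
        msg += b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return msg

def to_dot_frame(msg):
    """DoT (RFC 7858) sends the same message with a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def from_dot_frame(frame):
    """Strip the length prefix; reject a truncated or oversized frame."""
    if len(frame) < 2 or struct.unpack("!H", frame[:2])[0] != len(frame) - 2:
        raise ValueError("bad DoT frame length")
    return frame[2:]

def forward_over_dot(udp_payload, upstream_ip, upstream_name, timeout=5.0):
    """One proxied query: wrap the port-53 payload, send over TLS 853, unwrap."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((upstream_ip, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=upstream_name) as tls:
            tls.sendall(to_dot_frame(udp_payload))
            buf = b""
            while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("upstream closed before full reply")
                buf += chunk
    return from_dot_frame(buf)

if __name__ == "__main__":
    q = build_query("example.com")  # constructed sample query
    print(len(q), to_dot_frame(q)[:2].hex())
```

The `wrap_socket` call is where the certificate check discussed in this thread happens: the handshake fails unless the upstream presents a certificate valid for `upstream_name`.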
13 Reply
Re:DNS Proxy Issue
2026-01-29 09:33:30 - last edited 2026-01-29 09:35:52

Hi  @arrmo 

 

Thanks for posting here.

To better understand the situation, please let us know the following info:
1. A screenshot of the Device page of the controller, showing the firmware version of the SDN devices;
2. What kind of controller are you using? What's the firmware version?
3. The screenshots of the involved config pages;
4. Some screenshots, or other info indicating how the server didn't work when using DNSSEC or DoT.

#2
Re:DNS Proxy Issue
2026-01-29 12:32:21

  @Vincent-TP Of course, NP at all! Here is the info, please let me know what else you need,

1) The devices,

 

2) OC220 v1.0.  And firmware (BTW, it's odd that this info shows up twice on the same UI page ... perhaps fix this?)

Current Version: 1.3.10 Build 20260117 Rel.83568 (Release Candidate)

 

3) Gateway DNS

 

4) This is found using nslookup or dig, for internal DNS entries. If I use DNS Override, these work, so I know the query is going to the internal DNS server. Not so for DoT or DNSSEC. And if I nslookup or dig directly to that internal server (DNSSEC, DoT or regular DNS), it works. So I can tell the query is only getting there with DNS Override set on the Gateway.

 

Make sense? Thanks!

#3
Re:DNS Proxy Issue
2026-02-04 03:17:21

Hi  @arrmo 

 

Thanks for the reply.

 

Because the DNS server and the router are on the same network segment, DNS queries may not be routed through the router. Please try setting the server to a different network segment.

#4
Re:DNS Proxy Issue
2026-02-04 19:46:10

  @Vincent-TP That's not really possible - I only have one subnet on my LAN ;). Why would this be limited? DNS Override does work, why the difference?

 

Thanks!

#5
Re:DNS Proxy Issue
2026-02-06 00:59:06 - last edited 2026-02-06 01:00:25

  @Vincent-TP OK, will do. The controller is ER707-M2. Sorry, my bad! That's the firewall LOL. Controller is OC220.

#7
Re:DNS Proxy Issue
2026-05-06 00:48:47

  @arrmo FYI, I submitted an email request, never any response :( 

#8
Re:DNS Proxy Issue
3 weeks ago

You cannot redirect DNS requests that use TLS security because the initial handshake will fail, e.g. a DoT request to a Google server gets redirected to your internal server. Since your server does not have an SSL cert identifying it as the Google server the initial request was sent to, it will fail (as it should...).

#9
Re:DNS Proxy Issue
2 weeks ago

  @Tescophil But DNS Override works fine, also with TLS?

 

Thanks!

#10
Re:DNS Proxy Issue
2 weeks ago

  @arrmo Like I said, you cannot redirect (override) any DNS requests that use TLS, i.e. DNSSEC, DoT or DoH.

#11