18.6. DNS

You can find the DNS Settings at Services → DNS.

The Domain Name System is mainly used to translate more readable domain names to their numerical IP addresses.

18.6.1. General Settings

On this page the DNS server can be enabled or disabled. You can change Interfaces In and Interfaces Out and the Port on which DNS runs. The Local Zone Type can be configured and is set to Transparent by default. The option DNSSEC controls the Domain Name System Security Extensions, and if PTR Records is enabled, PTR records for Host Overrides are added automatically. DHCP Registration will register the DHCP leases in the DNS server, while Static DHCP Registration will register the DHCP Host Reservations in the DNS server.

By default the DNS server queries the DNS root servers and does not forward traffic to other servers. If DNS Forward is enabled, you can add multiple DNS Forward Servers with an IP address for each, and those are used instead of the root servers.

18.6.2. Advanced Settings

Hide Identity: if enabled, id.server and hostname.bind queries are refused.

Hide Version: if enabled, version.server and version.bind queries are refused.

Unwanted Reply Threshold: if set, a total number of unwanted replies is kept track of in every thread. When it reaches the threshold, a defensive action is taken and a warning is printed to the log.

TTL for Host Cache Entries: time to live for entries in the host cache. The host cache contains roundtrip timing, lameness and EDNS support information.

Number of Queries per Thread: the number of queries that every thread will service simultaneously.

Jostle Timeout: timeout used when the server is very busy. Set to a value that usually results in one roundtrip to the authority servers.

Harden DNSSEC Data: require DNSSEC data for trust-anchored zones. If such data is absent, the zone becomes bogus.

DNS Server Override: allow the DNS server list to be overridden by DHCP/PPP on WAN.

Custom Options: custom configuration parameters can be defined here. Please refer to the Unbound documentation.
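
One way to confirm from a client that Hide Identity and Hide Version are in effect, as an added example that is not part of the VT AIR documentation: it builds the four CHAOS-class TXT queries named above and checks that each reply is REFUSED and carries no text. The function names, the sample replies and the "x.y.z" string are constructed for illustration.

```python
import socket
import struct
TXT, CHAOS, REFUSED = 16, 3, 5  # DNS type TXT, class CH, RCODE REFUSED
# The four names that Hide Identity and Hide Version cover.
PROBES = ("id.server", "hostname.bind", "version.server", "version.bind")

def build_query(name, txid=0x1234):
    """Encode a one-question CHAOS TXT query for `name` (RD flag set)."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + labels + struct.pack("!BHH", 0, TXT, CHAOS)

def skip_name(buf, pos):  # offset just past a (possibly compressed) name
    while buf[pos] and buf[pos] < 0xC0:
        pos += 1 + buf[pos]
    return pos + (2 if buf[pos] else 1)

def parse_reply(reply, txid=0x1234):
    """Return (rcode, [TXT strings]) from a reply to build_query()."""
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos, texts = 12, []
    for _ in range(qdcount):                 # skip the echoed question
        pos = skip_name(reply, pos) + 4
    for _ in range(ancount):
        pos = skip_name(reply, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", reply[pos:pos + 10])
        pos, end = pos + 10, pos + 10 + rdlen
        while rtype == TXT and pos < end:    # TXT rdata: length-prefixed strings
            texts.append(reply[pos + 1:pos + 1 + reply[pos]].decode("ascii", "replace"))
            pos += 1 + reply[pos]
        pos = end
    return flags & 0x000F, texts

def is_hidden(reply):  # True when the query was refused and nothing was disclosed
    rcode, texts = parse_reply(reply)
    return rcode == REFUSED and not texts

def probe(server, name, port=53, timeout=2.0):
    """Ask `server` over UDP (needs network); True if `name` is hidden."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return is_hidden(s.recvfrom(512)[0])

# Constructed sample replies (not captured traffic); "x.y.z" is a made-up value.
_Q = build_query("version.bind")
SAMPLE_REFUSED = _Q[:2] + b"\x81\x05" + _Q[4:]
SAMPLE_LEAK = (_Q[:2] + b"\x81\x00\x00\x01\x00\x01" + _Q[8:] + b"\xc0\x0c"
               + struct.pack("!HHIH", TXT, CHAOS, 0, 6) + b"\x05x.y.z")
```

Call `probe()` once for each name in `PROBES` against the address the DNS server listens on; a `False` result means the server answered the query instead of refusing it.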

18.6.3. Host Overrides

They allow the configuration of a specific DNS entry for a particular host.

18.6.4. Domain Overrides

They allow the configuration of a specific DNS server for a particular domain.

18.6.5. Blacklist

Since most web traffic is encrypted, the most effective way to block access to websites is DNS blacklisting. It will send a fake IP address back to your client for a blacklisted domain.

VT AIR uses lists of domains in a few categories for you to choose from, or you can add your own domains and hostnames.

18.6.5.1. Categories

Blacklist Categories allow you to block hosts by different categories.

You can select from the categories: Fakenews, Social, Gambling and Porn. The category Adware and Malware is enabled by default and can’t be disabled. Update Interval is set to weekly by default and can be changed to daily or monthly.

18.6.5.2. Custom

Multiple Custom Blacklist entries can be added, each with a hostname or domain. Each one can be enabled or disabled independently of the categories.

All subdomains of the entered domain or hostname will be included in the blacklist.