Community Forum

Resolved
0 votes
Hello all.
New to ClearOS and when I click on Gateway management I see the following warning/notice and am not sure exactly what it means:


Internal DNS Configured
ClearOS is configured with DNS on the LAN. That server will not be protected.


Which "that server" is it referring to and what are the implications, and do I need to change anything??

Thanks in advance
Tracy
New Zealand
Tuesday, July 10 2018, 05:39 AM
Responses (17)
  • Accepted Answer

    Sunday, July 15 2018, 12:43 AM - #Permalink
    Resolved
    0 votes
    Thanks for clarifying that Nick. No I don't have an internal DNS server so I will set my ClearOS server to use external DNS (I am finding the new Cloudflare ones are fast) and point my internal clients to the ClearOS server for DNS.

    cheers
    Tracy

    Nick Howitt wrote:

    Prone Shooter wrote:

    thanks guys... which doc did you update Nick?

    cheers
    Tracy
    In the Webconfig > Gateway > Filtering > Gateway Management page, click on the little book icon on the top right-hand side. That is the documentation icon. Or you can go in via the resources menu on the forum pages.

    The set up you want is:
    If you have a DNS server on your LAN, it should be configured to directly query external DNS servers
    ClearOS can be set up to use your internal DNS server
    All other devices must be set up to query ClearOS as their DNS server

    Gateway Management is a DNS tool so in order for it to be effective, devices must use it directly.
  • Accepted Answer

    Saturday, July 14 2018, 07:48 AM - #Permalink
    Resolved
    0 votes
    Prone Shooter wrote:

    thanks guys... which doc did you update Nick?

    cheers
    Tracy
    In the Webconfig > Gateway > Filtering > Gateway Management page, click on the little book icon on the top right-hand side. That is the documentation icon. Or you can go in via the resources menu on the forum pages.

    The set up you want is:
    If you have a DNS server on your LAN, it should be configured to directly query external DNS servers
    ClearOS can be set up to use your internal DNS server
    All other devices must be set up to query ClearOS as their DNS server

    Gateway Management is a DNS tool so in order for it to be effective, devices must use it directly.
  • Accepted Answer

    Friday, July 13 2018, 11:57 PM - #Permalink
    Resolved
    0 votes
    Roger Peters wrote:
    2. DNS queries to your internal DNS server should only be allowed from your ClearOS device.


    Hi Roger :)

    So to clarify, if my internal DNS server is my ClearOS server then only IT should be querying itself for DNS ?

    So my Windows PCs SHOULDN'T be using the ClearOS server?

    Sorry I'm probably being a bit slow here but my only other UTM experience is with our company's Fortigate firewall UTM and Untangle.

    cheers
    Tracy
  • Accepted Answer

    Friday, July 13 2018, 11:52 PM - #Permalink
    Resolved
    0 votes
    thanks guys... which doc did you update Nick?

    cheers
    Tracy
  • Accepted Answer

    Friday, July 13 2018, 08:11 PM - #Permalink
    Resolved
    0 votes
    @Roger,
    I've updated the docs with a note reflecting your post.
  • Accepted Answer

    Friday, July 13 2018, 01:14 PM - #Permalink
    Resolved
    0 votes
    It looks like I should provide some additional clarification.

    There are a few steps you need to take to make sure Gateway Management rules will be used:
    1. Your DHCP configuration should give the ClearOS device's IP for DNS.
    2. DNS queries to your internal DNS server should only be allowed from your ClearOS device.
  • Accepted Answer

    Thursday, July 12 2018, 09:45 PM - #Permalink
    Resolved
    0 votes
    .... but then there is no point having Gateway Management
  • Accepted Answer

    Thursday, July 12 2018, 09:30 PM - #Permalink
    Resolved
    0 votes
    If you do not want to apply filtering to your DNS server, you can ignore the message.
  • Accepted Answer

    Thursday, July 12 2018, 08:50 PM - #Permalink
    Resolved
    0 votes
    Thanks Roger :)

    So basically I can ignore that message??

    cheers
    Tracy
  • Accepted Answer

    Thursday, July 12 2018, 06:38 PM - #Permalink
    Resolved
    0 votes
    That message appears when ClearOS has been configured to use a DNS server on your internal network. Generally Gateway Management intercepts all DNS queries that come through it. If ClearOS were to intercept DNS queries from your internal DNS server, the systems would recursively query each other and it would not complete.

    What happens in this situation is an exception is created for the IP address of your DNS server. Any DNS queries it makes to the Internet will pass through Gateway Management and will go to the Internet unfiltered.
  • Accepted Answer

    Wednesday, July 11 2018, 09:36 PM - #Permalink
    Resolved
    0 votes
    I haven't tried that version before. I'll see if I can load it up tomorrow.
  • Accepted Answer

    Wednesday, July 11 2018, 08:44 PM - #Permalink
    Resolved
    0 votes
    Using the community version.

    The message appears on the management dashboard when I log in.
  • Accepted Answer

    Wednesday, July 11 2018, 07:44 AM - #Permalink
    Resolved
    0 votes
    Where exactly are you seeing the message? Are you using the Business or Community version?
  • Accepted Answer

    Tuesday, July 10 2018, 09:36 PM - #Permalink
    Resolved
    0 votes
    I was using that set up with the DNS of the ClearOS server as the default issued by DHCP but changed it; however, even when it was using the ClearOS server I got that message/notice.
  • Accepted Answer

    Tuesday, July 10 2018, 09:01 PM - #Permalink
    Resolved
    0 votes
    AFAIK, Gateway Management leverages OpenDNS and the usual set up would be for the ClearOS DHCP server to give out its own LAN IP as the DNS server. In this way it will then use Gateway Management; otherwise the DNS may be bypassing it. There are a cute couple of iptables rules you can use if necessary to redirect DNS lookups from the LAN through to the server rather than reconfiguring a lot of LAN devices:
    # Redirect DNS traffic through the server
    $IPTABLES -t nat -I PREROUTING -p tcp --dport 53 ! -d your_ClearOS_LAN_IP -i your_ClearOS_LAN_interface -j DNAT --to-destination your_ClearOS_LAN_IP
    $IPTABLES -t nat -I PREROUTING -p udp --dport 53 ! -d your_ClearOS_LAN_IP -i your_ClearOS_LAN_interface -j DNAT --to-destination your_ClearOS_LAN_IP
    These are in the format needed for custom firewall rules. To test them at the command line, change "$IPTABLES" to "iptables".
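Added example, not part of the post above: a check that the DNS redirect is loaded for both udp and tcp, reading the output of `iptables -t nat -S PREROUTING`. The function name `dns_redirect_gaps`, the address 192.168.1.1, the interface eth1 and the sample rules are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit NAT PREROUTING rules for the port-53 DNAT redirect.
# Usage: iptables -t nat -S PREROUTING | dns_redirect_gaps LAN_IP LAN_IF
# Prints each protocol (udp/tcp) that has no redirect rule; returns 1 if any.
dns_redirect_gaps() {
    awk -v ip="$1" -v ifc="$2" '
        BEGIN { need["udp"] = 1; need["tcp"] = 1 }
        $1 == "-A" && $2 == "PREROUTING" {
            proto = ""; inif = ""; dport = ""; target = ""; to = ""; notdst = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i+1)
                else if ($i == "-i") inif = $(i+1)
                else if ($i == "--dport") dport = $(i+1)
                else if ($i == "-j") target = $(i+1)
                else if ($i == "--to-destination") to = $(i+1)
                else if ($i == "-d" && $(i-1) == "!") notdst = $(i+1)
            }
            sub(/\/32$/, "", notdst)   # -S prints host addresses as a.b.c.d/32
            sub(/:53$/, "", to)        # tolerate an explicit :53 on the target
            # A usable rule matches the LAN interface, port 53, excludes
            # traffic already addressed to the gateway, and DNATs to it.
            if (inif == ifc && dport == "53" && target == "DNAT" &&
                to == ip && notdst == ip)
                delete need[proto]
        }
        END {
            missing = 0
            for (p in need) { print p; missing = 1 }
            exit missing
        }'
}

# Constructed sample: udp is redirected, the tcp rule was never added.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING ! -d 192.168.1.1/32 -i eth1 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

if missing=$(printf '%s\n' "$SAMPLE_RULES" | dns_redirect_gaps 192.168.1.1 eth1); then
    echo "DNS redirect present for udp and tcp"
else
    echo "No DNS redirect for: $missing"
fi
```

A protocol reported as missing means LAN clients can still reach an outside resolver directly over that protocol, so their lookups never pass through Gateway Management.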
  • Accepted Answer

    Tuesday, July 10 2018, 08:38 PM - #Permalink
    Resolved
    0 votes
    Hey Nick :)

    No I use the new Cloudflare DNS servers on my devices and ADSL router

    1.1.1.1 and 1.0.0.1
  • Accepted Answer

    Tuesday, July 10 2018, 07:20 AM - #Permalink
    Resolved
    0 votes
    I am not sure of the message either, but how do you manage DNS on your LAN? Do you use ClearOS as your DNS server on your LAN devices or do you have a separate DNS server?