DNS - Nameserver mismatch

Hi everyone, although I configured in Foris DNS forwarding using cz.nic (TLS) nameserver, LUCI shows in the IP4 WAN status the usage of the DNS servers of the network provider. What is wrong and how can I reliably configure the usage of external nameservers?
Second question: Are there any options to configure other DNSSEC servers which are not preconfigured in the FORIS menu?
Thanks in advance for some supporting assistance.
Best regards Harry

Hi Harry,

I wonder how you configured that in Foris?!
AFAIK there is no option for a different DNS IP in Foris, you can only tick in DNS forwarding and that means exactly what just happened, that you pass the DNS resolving task to your ISP. So if you don't want that, don't tick in the forwarding feature.

I’d ignore anything about DNS in luci. That interface is built around the assumption that only dnsmasq can be used for DNS, and no Turris router does that by default (but luci is kept).

First, we validate DNSSEC locally on Omnia, so the servers you forward to don’t really need to be trusted in that respect, only they shouldn’t break the data required for validation, otherwise there could be failures. On the other hand, you need to trust them with privacy.

I believe there’s no “trivial” way for other options. You can uncheck forwarding and configure that manually. Adding config is described on wiki, and it’s sufficient to adapt e.g. this snippet:

    policy.add(policy.all(
          policy.TLS_FORWARD({
              {'1.1.1.1', hostname='cloudflare-dns.com' },
              {'1.0.0.1', hostname='cloudflare-dns.com' },
          })
    ))

At least I hope I forgot nothing. Details of config are in upstream manual, but I don’t expect you’d need any more tweaks if you just want to forward everything…

wtf is that option? I don't have that in my GUI?:

No forwarder here…
How did you get that drop down menu?

You have to tick “use forwarding” :wink:

Ah true, indeed, sry :smiley: