How to configure DNS Proxy on the Omada Gateway
G36W-4G, ER8411, ER7206 (V1, V2), ER707-M2, G36, ER706W-4G, ER7406, ER706W, ER605 (V2), G611
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device and check either the Datasheet or the firmware section for the latest improvements added to your product.
Contents
Configuration for A Normal DNS Proxy
Configuration for A Secure DNS Proxy
This article introduces the modes and configuration of the DNS Proxy function on Omada Gateways.
- Omada Controller (software Controller / hardware Controller / CBC, V5.8 and above)
- Omada Gateway
The DNS Proxy function can work in two modes, which cannot take effect simultaneously.
- Normal DNS Proxy: Normal DNS requests from the client to the gateway are proxied to the DNS server configured on the WAN port, and the received normal DNS responses are forwarded to the client.
- Secure DNS Proxy: The gateway adds a security extension (DNSSEC) or encryption (DoT/DoH) to normal DNS requests from the client and sends them to a specially configured DNS server. Responses that pass security verification (DNSSEC) or are successfully decrypted (DoT/DoH) are forwarded to the client as normal DNS responses.
Configuration for A Normal DNS Proxy
This section will introduce the configuration for a normal DNS Proxy.
Step 1. On the controller’s management page, go to Settings > Wired Networks > Internet, and click the Edit button of the WAN port connecting to the ISP to enter its configuration page. Choose the dial-up method according to the access method provided by the ISP, then fill in the IP addresses of the DNS servers you want to use in the Primary DNS Server/Secondary DNS Server fields, such as 8.8.8.8/8.8.4.4 for public DNS servers.
Step 2. Go to Devices > Gateway > Details, and click the corresponding WAN port to view the obtained DNS server.
If Primary DNS/Secondary DNS was not configured in Step 1, the displayed DNS server will be the one automatically obtained through dial-up.
Step 3. Make sure that the LAN network is not manually configured with a DNS server. Go to Wired Networks > LAN and select the corresponding LAN network to ensure that the DNS Server is configured as Auto. Also, confirm that the DNS server obtained by the client PC’s network adapter is the gateway's LAN IP address, such as 192.168.0.1.
Configuration for A Secure DNS Proxy
Note: The secure DNS proxy performs security verification based on the current time. Ensure that the controller’s system time is synchronized with the NTP server.
Step 1. On the Controller management page, go to Settings > Site > Site Configuration > Time Zone to confirm the time zone is correct.
Step 2. In Global View, go to Settings > System Settings to check the controller’s time.
Step 3. Choose the secure DNS Proxy feature you want to use.
Omada gateways offer three secure DNS Proxy features: DNSSEC, DOH, and DOT. Please note that they cannot take effect simultaneously, so choose the feature that suits your needs.
- DNSSEC. Go to Settings > Services > DNS Proxy to enable the DNS Proxy, select DNSSEC as the Proxy Type, and set your desired DNS server (e.g., Google's DNS servers, 8.8.8.8 and 8.8.4.4). Ensure that your custom DNS server supports DNSSEC security validation; otherwise, the gateway won't proxy DNS requests unless you configure Action Bogus Replies as Pass. If Action Bogus Replies is configured as Drop, the gateway will discard DNS responses that fail DNSSEC security validation.
- DOH. Go to Settings > Services > DNS Proxy to enable the DNS Proxy, select DOH as the Proxy Type, select your desired default or custom DNS server, and click Save. If you want to customize a DNS server, follow the format shown in the above image. Ensure that the DNS server you input supports DOH.
- DOT. Go to Settings > Services > DNS Proxy to enable the DNS Proxy, select DOT as the Proxy Type, select your desired default or custom public DNS server, and click Save. Note that a DOT DNS server can only be specified by IP address, and ensure that the server you input supports DOT.
Step 4. Make sure that the LAN network is not manually configured with a DNS server. Go to Wired Networks > LAN and select the corresponding LAN network to ensure that the DNS Server is configured as Auto. Also, confirm that the DNS server obtained by the client PC’s network adapter is the gateway's LAN IP address, such as 192.168.0.1.
The content above introduces the detailed configuration steps of the DNS Proxy function on the Omada Gateways.
To learn more about each function and its configuration, go to the Download Center to download the manual for your product.
Why can't I access the internet after configuring a normal DNS proxy?
Re. First, confirm your network connectivity. Then, use the following command in your PC's cmd tool to verify that the DNS server you configured is working correctly: nslookup + domain name + DNS server.
For example: nslookup www.google.com 8.8.8.8
Why can't I access the internet after configuring a secure DNS proxy?
Re. First, confirm your network connectivity.
Then, make sure that the time on your gateway matches the current time in your time zone. If you are using a custom DNS server, ensure that it supports the DNSSEC/DOH/DOT features. If you are not sure about this, try using the default DNS server.
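One way to check that a custom DNS server performs DNSSEC validation before entering it in the DNS Proxy settings, as an added example that is not part of the original article or TP-Link's code: send a query with the EDNS0 DO bit set and read the AD flag and RCODE from the reply. The function names and the sample replies are constructed for illustration; probe() needs network access, and the name queried should be in a DNSSEC-signed zone.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a DNS query (RD=1) with an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # 1 question, 1 additional
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT pseudo-RR: root name, type 41, UDP payload size 1232,
    # extended RCODE 0, version 0, flags with DO (0x8000), empty RDATA.
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + question + opt

def classify_response(packet):
    """Interpret the header of a resolver's reply to a DO=1 query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR=0)")
    rcode = flags & 0x000F
    if rcode == 2:
        return "servfail"      # validating resolvers answer bogus data this way
    if rcode == 0 and flags & 0x0020:
        return "validated"     # AD=1: the resolver validated the answer
    if rcode == 0 and ancount:
        return "unvalidated"   # answered, but no validation claimed (AD=0)
    return "rcode-%d" % rcode

def probe(server, name, timeout=3.0):
    """Query `server` over UDP/53 and classify the reply (requires network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recvfrom(4096)[0])

# Constructed reply headers (not captured traffic): txid, flags, four counts.
SAMPLE_VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)    # QR RD RA AD
SAMPLE_UNVALIDATED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)  # QR RD RA
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)     # RCODE 2
```

A server that returns "unvalidated" for a name in a signed zone is not validating, which matches the case where the article says to fall back to the default DNS server.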