doc/nedge/src/dns.rst
nEdge can enforce the use of specific DNS servers by LAN devices and provides presets of secure DNS servers, which offer additional protection against malware sites.
The DNS servers configured in the Global DNS section of the DNS Configuration
tab are used in the following cases:
If the Enforce Global DNS option is enabled, nEdge will enforce the use of the
specified DNS servers even if the clients configure their DNS servers manually.
The presets provide a list of Secure DNS servers to choose from; alternatively, 'Custom' DNS servers can be specified manually.

.. figure:: img/global_dns.png
  :align: center
  :alt: Global DNS

  Global DNS configuration

The Child Safe DNS is the DNS used for users who are marked with the Child Safe
option.

.. figure:: img/child_dns.png
  :align: center
  :alt: Child DNS

  Child DNS configuration

Such a DNS can protect children from inappropriate adult content.

Note: nEdge will always enforce the use of such a DNS for all the child safe users, even if they manually change their DNS servers.

Due to a bug_ in the kernel, there is an issue with the DNS resolver of some versions of glibc, which causes a client program to hang for about 5 seconds when performing A and AAAA DNS requests using the same socket. This can be verified with the following command:

.. code:: bash

   conntrack -S

When the issue occurs, the ``insert_failed`` counter reported by the command above increases.
A temporary solution to the issue is to force glibc to use a different socket for the AAAA request.
On a Linux client, this can be done by adding the following line to ``/etc/resolv.conf``:

.. code:: text

   options single-request-reopen

.. _bug: https://www.weave.works/blog/racy-conntrack-and-dns-lookup-timeouts
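
The check and the workaround described above can be scripted. The following is an added example, not part of nEdge or of the original page: the function names are hypothetical, the counter samples are constructed, and the per-CPU ``key=value`` line layout of ``conntrack -S`` is assumed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical and the samples are constructed.

# Sum insert_failed over every per-CPU line of `conntrack -S` output on stdin.
sum_insert_failed() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^insert_failed=/) { split($i, kv, "="); total += kv[2] }
        }
    }
    END { print total + 0 }'
}

# Difference in total insert_failed between two `conntrack -S` snapshots.
insert_failed_delta() {
    before=$(printf '%s\n' "$1" | sum_insert_failed)
    after=$(printf '%s\n' "$2" | sum_insert_failed)
    echo $((after - before))
}

# Succeed only if the resolv.conf-style file "$1" has an active (uncommented)
# "options" line that lists single-request-reopen.
has_single_request_reopen() {
    awk '$1 == "options" {
        for (i = 2; i <= NF; i++) { if ($i == "single-request-reopen") found = 1 }
    }
    END { exit !found }' "$1"
}

# Constructed snapshots taken before and after a burst of client DNS lookups.
BEFORE='cpu=0 found=0 invalid=2 insert=0 insert_failed=3 drop=3 early_drop=0 error=0 search_restart=0
cpu=1 found=0 invalid=0 insert=0 insert_failed=1 drop=1 early_drop=0 error=0 search_restart=0'
AFTER='cpu=0 found=0 invalid=2 insert=0 insert_failed=5 drop=5 early_drop=0 error=0 search_restart=0
cpu=1 found=0 invalid=0 insert=0 insert_failed=2 drop=2 early_drop=0 error=0 search_restart=0'

delta=$(insert_failed_delta "$BEFORE" "$AFTER")
if [ "$delta" -gt 0 ]; then
    echo "insert_failed grew by $delta: the conntrack race is likely being hit"
else
    echo "insert_failed did not change between snapshots"
fi
# Live use: capture snapshots with  snap=$(conntrack -S)  a few seconds apart,
# and on a client run  has_single_request_reopen /etc/resolv.conf
```

A growing total between two snapshots matches the symptom described above; an unchanged total over a period of active lookups suggests the 5-second delays have another cause.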