Configure DNS Servers
First, configure the DNS servers on the firewall.
Warning: When the firewall uses DNS over TLS, every DNS server used by the firewall must support DNS over TLS.
- Navigate to System > General
- Locate the DNS Server Settings section
- Add or replace entries in the DNS Servers section such that only the chosen DNS over TLS servers are in the list.
  - Address: IP address of an upstream DNS Server providing DNS over TLS service (e.g. 1.1.1.1).
  - Hostname: Hostname of the same upstream DNS Server in the Address field, used for TLS certificate validation (e.g. cloudflare-dns.com).

  Warning: The hostname is technically optional but dangerous to omit. The DNS Resolver must have the hostname to validate that the correct server is providing a given response. The response is still encrypted without the hostname, but the DNS Resolver has no way to validate the response to determine if the query was intercepted and answered by a third party server (Man-in-the-Middle attack).
- Click Add DNS Server and repeat the previous step as needed for each available DNS server.
- Uncheck Allow DNS server list to be overridden by DHCP/PPP on WAN as this may add DNS servers to the configuration which do not support DNS over TLS.
- Click Save
Use the figure Example DNS Server list for DNS over TLS from Cloudflare as a reference for the settings on this page.

Fig. 1: Example DNS Server list for DNS over TLS from Cloudflare
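
The two warnings above can be checked after saving. The following is an added example, not part of the original documentation: it audits resolver forwarding configuration for upstreams that have no hostname or are not using TLS at all. It assumes the DNS Resolver is Unbound and that each upstream is written as `forward-addr: IP@port#hostname`; the sample configuration and the helper names `strip_comment` and `audit` are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from a real firewall).
SAMPLE_CONF = """\
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853            # hostname omitted
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-zone:
    name: "example.internal"
    forward-addr: 192.0.2.53
"""

def strip_comment(line):
    # '#' starts a comment only at line start or after whitespace, so the
    # '#' that introduces the TLS hostname in IP@port#hostname is kept.
    return re.sub(r"(^|\s)#.*$", "", line).strip()

def audit(conf):
    """Return (server, problem) pairs for upstreams that weaken DNS over TLS."""
    global_tls, zones, section = False, [], None
    for raw in conf.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        key, _, value = line.partition(":")   # first ':' only, IPv6 stays intact
        key, value = key.strip(), value.strip().strip('"')
        if not value:                         # section header, e.g. "forward-zone:"
            section = key
            if key == "forward-zone":
                zones.append({"tls": False, "addrs": []})
        elif section == "server" and key == "tls-upstream":
            global_tls = value == "yes"
        elif section == "forward-zone" and key == "forward-tls-upstream":
            zones[-1]["tls"] = value == "yes"
        elif section == "forward-zone" and key == "forward-addr":
            zones[-1]["addrs"].append(value)
    findings = []
    for zone in zones:
        for addr in zone["addrs"]:
            server, _, hostname = addr.partition("#")
            if not (zone["tls"] or global_tls):
                findings.append((server, "plaintext"))     # not DNS over TLS at all
            elif not hostname:
                findings.append((server, "no-hostname"))   # encrypted, certificate name unchecked
    return findings
```

Calling `audit(SAMPLE_CONF)` reports the second upstream as `no-hostname` and the internal zone's upstream as `plaintext`; an empty list means every upstream is both encrypted and name-validated.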