Hi !
I have question regarding DNS forwarding service.
4 zone setup (WAN, DMZ, LAN) + local router zone.
set zone-policy zone ZONE_ROUTER_LOCAL local-zone
All traffic enabled from local-zone to all other zones.
All trafiic enabled from LAN to local-zone
DNS forwarding listen interfaces DMZ and LAN.
Web page loading from LAN time to time have long-time lags because of DNS forwarding problems. This is clearly problem with DNS - ping 8.8.8.8 (or target servers) shows no problems or timeouts. Additionally, changing DNS server on LAN PCs from 192.168.0.1 to 8.8.8.8 eliminates page loading lags.
I suspect this is because DNS forwarding service treats router with local zone defined as device with separate interface. Please correct if I’m wrong here.
set service dns forwarding listen-on lo
also eliminates lags and delays with web page loading from LAN PCs.
Another question - I’m going to setup my own DNS server on DMZ with DNAT from WAN to DMZ. Will this DNAT interfere with DNS forwarding service, should I remove eth2 DMZ from “listen-on” interfaces?
I would prefer to know internals to make it work now and with future versions rather to apply quick hacks.
Thanks in advance.