Comma-separated DNS list not allowed

**czeus** · 08-27-2021, 03:46 PM

Hello Untangle Community,

Is using a comma-separated IP list in the DNS server field no longer supported as stated here?

https://support.untangle.com/hc/en-u...Server-Entries

When I attempt this, I receive the error shown below. This occurs when the interface is set to Static or DHCP...

untangle-dns-list2.jpeg

**sky-knight** · 08-27-2021, 05:22 PM

No spaces!

**czeus** · 08-27-2021, 06:27 PM

Originally Posted by sky-knight

No spaces!

None - here is the error along with the config pane (image is too large for the forum system)...

**donhwyo** · 08-27-2021, 07:55 PM

Put the 8.8.8.8 as the secondary dns.

**czeus** · 08-27-2021, 08:05 PM

Originally Posted by donhwyo

Put the 8.8.8.8 as the secondary dns.

Thanks and I do understand that there is a secondary DNS field but this limits the user to having at most 2 DNS servers. Without getting into any debate re: needing 3+ DNS servers, this is a very common feature on FWs. For example, Checkpoint, Sophos (several devices), pfSense + its forks, etc., all have this.

Further, my goal is to determine if what UT published is accurate - that an IP list can populate the DNS server field much like is allowed in rule definitions.

**jcoffin** · 08-27-2021, 09:15 PM

Multiple entries on one field were never supported. Oddly the screen capture in the article shows the field red since it is an invalid format.

**sky-knight** · 08-27-2021, 10:13 PM

Yeah I misread that. The GUI doesn't support more than 2 DNS Servers. However, the platform itself suffers no such limitation.

Untangle uses DNSMasq for DNS and DHCP services.

As such, you can simply add an arbitrary number of server= directives to supply DNSMasq with any number of DNS servers you require.
You can also push as many as you want via DHCP option 6, you just have to manually do so.

Config -> Network -> Advanced -> DHCP & DNS

You can put...

Code:

server=1.1.1.1
server=2.2.2.2
server=3.3.3.3

And DNSMasq will use them. It will have a line for each DNS IP configured on any WAN interface already as well.

The DNS Override box on each LAN's DHCP scope can accept a comma separated list already. So it's only adding additional DNS servers to the platform that requires the work around. Also, note... Linux doesn't care about interfaces when it comes to DNS servers, so you want to ensure all DNS servers are available via all WANs... if you fail to observe this you will have DNS timeouts. Because again... Linux.

**czeus** · 08-27-2021, 10:42 PM

Originally Posted by sky-knight

Linux doesn't care about interfaces when it comes to DNS servers

Nor really should it...

Given this is Deb, I figured some CLI hack might be required but before heading down that road, I wanted to see if (a) it plain didn't work; and (b) if the UT articles are inaccurate which, as with the many UT wiki articles I've come across recently, appears to be the case...

As always, thanks for the info...

Thread: Comma-separated DNS list not allowed

LinkBack

Thread Tools

Comma-separated DNS list not allowed

Posting Permissions