Configure DNS for Locations
Learn how to configure your DNS settings to point to CyberFOX DNS for faster, more secure internet browsing.
This article outlines some of the most common and effective ways to configure your network to use CyberFOX DNS Filtering. Whether you manage a small office, a school, or a larger enterprise environment, these methods are designed to help you enforce safe and reliable DNS resolution across your entire network.
CyberFOX DNS Filtering works by intercepting DNS queries and blocking access to malicious, inappropriate, or unwanted content before it reaches your users. By configuring your network to forward DNS traffic to CyberFOX’s secure servers, you gain centralized control over internet access and enhance your network’s protection against online threats.
The configuration method you choose will depend on your network’s size, structure, and existing hardware. This guide provides practical examples and best practices for setting up DNS forwarding at the router, firewall, or DHCP server level, ensuring that all devices on your network benefit from CyberFOX’s filtering capabilities.
Important Configuration Guidelines
Avoid Mixing DNS Providers
- Many devices use round-robin DNS resolution, meaning they alternate between listed DNS servers.
- If you include non-CyberFOX DNS servers, some queries may bypass filtering.
- Only use CyberFOX DNS servers in your configuration:
  - 34.196.202.175
  - 54.80.208.248
Do Not Assign DNS Directly to Client Devices
- Assigning CyberFOX DNS IPs directly to endpoints can break access to local resources (e.g., printers, file servers, internal domains).
- Instead, configure DNS forwarding at the router, firewall, or DHCP server level.
- This ensures:
  - Proper resolution of local hostnames.
  - Centralized control and consistent filtering.
Configuring CyberFOX DNS on a Router
Setting CyberFOX DNS IPs directly on your router is a simple and effective way to enforce DNS filtering in smaller environments, such as:
- Home or small office networks
- Personal use
- Locations without local user authentication
In this setup, the router acts as a DNS forwarder. All DNS queries from connected devices are sent to the router, which then forwards them to CyberFOX’s DNS servers for resolution.
How It Works
- Devices on your network send DNS requests to the router.
- The router forwards those requests to:
  - Primary DNS: 34.196.202.175
  - Secondary DNS: 54.80.208.248
Configuration Notes
- The exact steps to update DNS settings vary by router brand and model.
- Typically, you’ll find DNS settings under sections like:
  - Network Settings
  - Internet Settings
  - LAN/DHCP Settings
Tip: After updating the DNS settings, reboot the router and connected devices to ensure the new configuration takes effect.
Configure the DHCP Server
Using your DHCP server to assign CyberFOX DNS IPs is a flexible and scalable way to enforce filtering across your network, especially when using NAT IPs to apply different filtering policies to different subnets.
This method is ideal for environments such as:
- Public or guest Wi-Fi networks
- Networks without local resources (e.g., no printers, file servers, or internal domains)
- Networks using NAT IPs to apply multiple filtering policies
How It Works
When you configure DNS forwarding through the DHCP server:
- Devices automatically receive CyberFOX DNS IPs when they connect to the network.
- All DNS queries from those devices are sent directly to:
  - Primary DNS: 34.196.202.175
  - Secondary DNS: 54.80.208.248
Note: This setup bypasses local DNS resolution. Devices will not be able to resolve local hostnames (e.g., Server1, Finance-Printer). This is usually acceptable on guest networks or in environments without internal services.
If you have local hostnames that need to be resolved at a location, use a Domain Override to add an IP forwarder.
Configuration Tips
- DHCP configuration steps vary by manufacturer. Refer to your device’s documentation for instructions on setting custom DNS servers.
- On many routers, this setting is found under the DHCP Server or LAN Settings section.
- Be sure not to mix DNS providers—only use CyberFOX DNS IPs to ensure consistent filtering.
Firewall
To ensure all DNS traffic on your network is filtered through CyberFOX DNS, you can configure your firewall to redirect all DNS queries, even if users attempt to bypass filtering by changing their DNS settings.
This setup is especially useful in environments such as:
- School or educational networks
- Networks with ISP-level transparent DNS proxies
- Offices or public spaces where users can modify DNS settings
The objective is to force all DNS traffic (TCP/UDP on port 53) to go through CyberFOX DNS servers, regardless of the DNS settings on individual devices. To do this, you’ll need to create a NAT (Network Address Translation) or port forwarding rule on your firewall to redirect all DNS traffic to the CyberFOX DNS IPs:
- Primary DNS: 34.196.202.175
- Secondary DNS: 54.80.208.248
Example: Generic Firewall Rule
Create two NAT or port-forwarding rules—one for each DNS server.
Setting | Value |
---|---|
Interface | LAN (or internal network interface) |
Protocol | TCP/UDP |
Source | Internal network (e.g., 192.168.1.0/24) |
Source Port | Any |
Destination | Any |
Destination Port | 53 |
Redirect Target IP | 34.196.202.175 (first rule), 54.80.208.248 (second rule) |
Redirect Target Port | 53 |
Description | Redirect DNS to CyberFOX DNS |
Tip: You can load balance or prioritize one DNS server over the other depending on your firewall’s capabilities.
Important Considerations
- Packet Size: DNS packets can exceed the traditional 512-byte limit. Ensure your firewall allows DNS packets up to 4096 bytes to avoid resolution issues.
- Transparent Proxies: If your ISP uses a transparent DNS proxy (e.g., forwarding to ports 5353 or 5354), this configuration helps override that behavior.
- DHCP Settings: Optionally, configure your DHCP server to hand out CyberFOX DNS IPs to clients for consistency.
Firewall & Router DNS Configuration Guides
The DNS configuration guides provided below represent just a selection of the many available resources for setting up DNS on various firewall and router platforms. Each manufacturer may offer different interfaces, features, and firmware versions that can affect how DNS settings are configured. Therefore, it's always best to consult the official documentation or support channels of your specific device manufacturer to ensure you're following the most accurate and up-to-date procedures tailored to your hardware and software version.
Cisco
Juniper Networks
Fortinet
Palo Alto Networks
Netgear
Linksys
TP-Link
SonicWall
WatchGuard
Microsoft Entra Domain Services
Microsoft Entra Domain Services (formerly Azure AD Domain Services) supports DNS management through conditional forwarders, allowing organizations to direct DNS queries for specific domains to external DNS providers, such as CyberFOX DNS Filter. This is particularly useful for leveraging CyberFOX’s DNS filtering and threat protection capabilities. Since server-level forwarders and root hints are not supported in Entra Domain Services, administrators must use a Windows Server VM joined to the managed domain to configure DNS settings using the DNS Manager or PowerShell.
To begin, ensure you have:
- A Windows Server VM joined to the Entra Domain Services domain.
- DNS Server Tools installed (RSAT-DNS-Server).
- Membership in the AAD DC Administrators group.
Follow Microsoft's documentation to Manage DNS for Microsoft Entra Domain Services and set conditional forwarders or configure DNS forwarding by logging onto the Domain Controllers and issuing the PowerShell command below to replace the forwarders with the CyberFOX IPs.
View Existing Conditional Forwarders
Get-DnsServerZone | Where-Object {$_.ZoneType -eq "Forwarder"}
Set Global Forwarders (if managing a standalone DNS server)
Note: Not supported directly in Entra Domain Services, but useful in hybrid setups and standalone DNS servers.
Set-DnsServerForwarder -IPAddress "34.196.202.175","54.80.208.248" -UseRootHint $False -PassThru
What This Command Does
This command forwards all DNS queries that the local DNS server cannot resolve (i.e., anything not in its local zones) to the CyberFOX DNS servers.
- Set-DnsServerForwarder: Modifies the list of DNS forwarders on the local DNS server.
- -IPAddress: Specifies the IP addresses of the DNS servers to which unresolved queries should be forwarded.
- -UseRootHint $False: Disables the use of root hints if the forwarders fail to resolve a query. This means the server will not fall back to root DNS servers.
- -PassThru: Returns the modified object so you can see the result/output in the PowerShell session.
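The following audit is an added example, not part of CyberFOX's documentation: it applies the "Avoid Mixing DNS Providers" guideline and the -UseRootHint setting described above to a Windows DNS server's forwarder list. The function name Test-DnsForwarderPolicy, its parameters, and the 198.51.100.53 sample address are assumptions made for illustration; Get-DnsServerForwarder is the standard cmdlet from the DnsServer module.

```powershell
# Added example. Names below are hypothetical; the two resolver IPs are the
# CyberFOX DNS servers listed in this article.
$CyberFoxDns = @('34.196.202.175', '54.80.208.248')

function Test-DnsForwarderPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$Forwarder,
        [Parameter(Mandatory)][bool]$UseRootHint,
        [string[]]$Allowed = $CyberFoxDns
    )

    # Parse each entry as an IP address so stray whitespace does not hide a match.
    $configured = @($Forwarder | ForEach-Object { ([ipaddress]$_.Trim()).ToString() })
    $unexpected = @($configured | Where-Object { $_ -notin $Allowed })
    $missing    = @($Allowed    | Where-Object { $_ -notin $configured })

    $findings = @()
    if ($unexpected.Count -gt 0) {
        # Any other resolver in the list can answer queries without filtering.
        $findings += "Non-CyberFOX forwarder(s): $($unexpected -join ', ')"
    }
    if ($missing.Count -gt 0) {
        $findings += "CyberFOX forwarder(s) not configured: $($missing -join ', ')"
    }
    if ($UseRootHint) {
        # With root hints on, a forwarder failure falls back to the root servers.
        $findings += 'Root hints enabled: failed forwards resolve unfiltered'
    }

    [pscustomobject]@{
        Compliant  = ($findings.Count -eq 0)
        Unexpected = $unexpected
        Missing    = $missing
        Findings   = $findings
    }
}

# Constructed sample: one CyberFOX IP left beside another resolver, root hints on.
$sample = Test-DnsForwarderPolicy -Forwarder '34.196.202.175', '198.51.100.53' -UseRootHint $true
$sample.Findings

# On a live DNS server (requires RSAT-DNS-Server):
# $f = Get-DnsServerForwarder
# Test-DnsForwarderPolicy -Forwarder @($f.IPAddress | ForEach-Object { "$_" }) -UseRootHint $f.UseRootHint
```

For the constructed sample, Compliant is False and Findings lists all three problems: the extra resolver, the missing 54.80.208.248 entry, and the root-hint fallback.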