NxFilter Tutorial

GUI - DNS
NxFilter is basically a DNS server with filtering ability. This section covers the settings for its DNS service.


DNS > Setup > DNS Setup
- Upstream DNS Server
NxFilter works as a forwarding DNS Server. You need to have at least one upstream DNS server.

For an Upstream DNS Server address, you can specify the DNS port number using a colon.
    ex) 8.8.8.8:53, 127.0.0.1:5353

- Upstream DNS Query Timeout

Timeout for a DNS query to your upstream DNS server.

- Response Cache Size

NxFilter has its own cache for DNS responses from its upstream server. You can adjust the cache size. Currently the default size is 200,000 and it is enough for most cases.

- Use Persistent Cache

NxFilter can keep up to 1 million DNS responses in its DB. When you have a big enough persistent cache, you will not lose your 'Internet Connection' even if there is a nationwide DNS outage, because NxFilter will work with its persistent cache.

- Use Negative Cache

By default, NxFilter doesn't keep negative DNS responses in its cache. With this option enabled, NxFilter will keep negative responses such as 'Server Failure' or 'Non-existent Domain' for up to 15 minutes.

- Minimal Responses

NxFilter can send its clients only the answer records from its upstream server's DNS response, ignoring the additional and authority sections. This reduces DNS packet size and improves server performance.

- Minimum Cache TTL

You can reduce the number of DNS requests from your clients by setting up a minimum cache TTL value. This applies only to A, AAAA and CNAME records.

- Block Cache TTL

The TTL value for NxFilter's block redirection response.


DNS > Setup > Local DNS
- Local DNS Server
When you have a local DNS server for resolving your local domain, add its IP address here. You can add multiple IP addresses separated by commas for redundancy.

- Local Domain

When you have a domain to bypass to your local DNS server, add the domain here. You can add multiple domains separated by commas.

Don't use '*' or any other wildcard for a local domain. A local domain already includes its subdomains.

- Local DNS Query Timeout

Timeout for a DNS query to your local DNS server.

- Use Local DNS

Enable local DNS.

If you set up a local DNS server, all DNS queries for your local domain bypass authentication, filtering and logging.


DNS > Setup > DNS over HTTPS (Upstream)
You can set a Cloudflare or Google HTTPS DNS server as the upstream server of NxFilter. This means you can easily implement network-wide 'DNS over HTTPS'.

- HTTPS DNS Server

NxFilter supports Cloudflare and Google HTTPS DNS servers.

- HTTPS DNS Query Timeout

Timeout for a DNS query to your HTTPS DNS server.

- Fail-safe With UDP/53

You can make NxFilter query again using UDP/53 when there is a failure with an HTTPS DNS server.

- Use HTTPS DNS

Enable HTTPS DNS.


DNS > Access Control
IP based access control for DNS.

When your access control list is too big, your browser can't post all the content. In that case, you have to create a 'dns-allow-ip.txt' file for 'Allowed IP for DNS' and a 'dns-block-ip.txt' file for 'Blocked IP for DNS' in the /nxfilter/conf directory. When you use clustering, you have to copy these files to all the nodes.


DNS > Server Protection
- Drop Attack Request By Domain
When a domain is queried so many times that it rapidly fills up the request queue, we drop the DNS requests for that domain for less than 1 minute so that the request queue is not flooded.

- Drop Attack Request By IP

When a client sends an abnormal number of DNS requests, we drop the DNS requests from that client for less than 1 minute so that the request queue is not flooded.

- Drop Hostname Without Domain

When you run NxFilter or NxCloud in the cloud, you don't need to deal with hostname-only domains.

- Drop Reverse Lookup For Private IP

Drop reverse lookup queries for private IP addresses. You might need this option when you run NxFilter in the cloud.

- Allow Reverse Lookup For Server IP

By default, NxFilter drops reverse lookups for itself. You can allow them with this option.

- Request Type Control

You can set allowed and blocked DNS request types.


DNS > Zone File
When you use NxFilter as an authoritative DNS server, you need to set up a zone file. We use the same format as a BIND zone file. To find out more, read 'Authoritative DNS server'.


DNS > Redirection

Domain to IP or domain to domain redirection is possible with NxFilter. It works like a custom DNS record.


DNS > Zone Transfer
You may need to import a DNS zone from another DNS server. Once you add a zone-transfer setup here, NxFilter imports the DNS zone every minute using the IXFR protocol.


DNS > Conditional Forwarder
You can bypass DNS requests to specific DNS servers according to their domains. This bypasses everything, including authentication, filtering and logging. It works just like 'DNS > Setup > Local DNS'.
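
Because domains listed under 'Local Domain' and 'Conditional Forwarder' skip authentication, filtering and logging, it is worth auditing that list before saving it. The script below is an added example, not NxFilter's own code; it assumes an entry matches itself and its subdomains on label boundaries, and all function names and sample values are constructed for illustration.

```python
# Added example: audit a comma-separated Local Domain / Conditional Forwarder list.
# Assumption: an entry matches itself and its subdomains on label boundaries.

def parse_domains(field):
    """Split the comma-separated GUI value into normalized domain names."""
    return [d.strip().lower().rstrip(".") for d in field.split(",") if d.strip()]

def audit_entries(domains):
    """Return (domain, problem) pairs for entries that are invalid or very broad."""
    findings = []
    for d in domains:
        if "*" in d:
            findings.append((d, "wildcard not allowed; subdomains are already included"))
        elif "." not in d:
            findings.append((d, "single label covers a whole top-level name; confirm it is private"))
    return findings

def bypasses_filtering(qname, domains):
    """True if qname equals a listed domain or is a subdomain of one."""
    q = qname.lower().rstrip(".")
    # Wildcard entries are invalid per the documentation, so they are not matched.
    return any(q == d or q.endswith("." + d) for d in domains if "*" not in d)

def bypassed_queries(qnames, domains):
    """Queries that would skip authentication, filtering and logging."""
    return [q for q in qnames if bypasses_filtering(q, domains)]

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    local = parse_domains("corp.example, *.lab.example, com")
    for domain, problem in audit_entries(local):
        print(f"REVIEW {domain}: {problem}")
    sample = ["dc1.corp.example", "notcorp.example", "login.example.com", "corp.example."]
    for q in bypassed_queries(sample, local):
        print("unfiltered:", q)
```

Running the same check over a sample of real query names shows how much traffic a proposed entry would remove from filtering and logging.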