Skip to main content

How can we help you?

Search

help Knowledge Base
forum Community
checklist Release Notes
event Events

Understanding local domains and resolvers

Minetta Gould
  • Updated

    In this article

Network administrators often need to ensure local resources—such as shared drives, shared printers, and domain controllers—resolve correctly while using DNSFilter. This article explains how local domains work in DNSFilter and links to how to configure them properly for Roaming Client and Relay deployments.

Why local domains and resolvers matter

When a device makes a DNS request, it needs to know whether the query should be resolved internally (within the network) or externally (through a public DNS provider). If local resolvers are not properly configured, DNSFilter treats internal domains like public websites—resulting in lost access to critical systems.

Common scenarios where improper local DNS setup causes issues include:

  • Intranet sites failing to load
  • Shared drives and network printers becoming inaccessible
  • Authentication failures with Active Directory or a domain controller
  • Applications relying on internal DNS returning errors

Why configure local domains and resolvers?

Many corporate networks use Split-Horizon DNS to direct internal traffic. This applies to:

  • Internal domains, e.g. bigco.mycorp, internal.bigco.com
  • Private network resources, e.g. file servers, shared printers
  • Active Directory environments using a domain controller for local resolution

For network-wide DNS configurations, organizations typically set DNSFilter as a forwarder in their existing DNS setup (e.g., within Active Directory). However, for Roaming Clients or Relays, you must explicitly specify local domains to ensure traffic meant for internal DNS does not get filtered or logged.

Automatic handling of .local domains

If the organization uses .local domains for internal resources, no additional configuration is needed. DNSFilter automatically forwards all .local domain requests to the network's originally configured DNS servers, regardless of other network settings.

Additionally, RFC 1918 private address reverse lookups (PTR queries for in-addr.arpa) are also sent to local DNS servers.

Related Support Content

Was this article helpful?
2 out of 7 found this helpful
Return to top

Comments

0 comments

Please sign in to leave a comment.