If local DNS resolution is failing, a possible cause is that either EDNS isn't supported or a firewall is blocking EDNS queries.
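To confirm that EDNS0 is the cause before changing agent settings, this added example (not DNSFilter's code) sends the same A query to an internal resolver with and without an EDNS0 OPT record and compares the outcomes. The resolver IP and local domain name are passed as the two command-line arguments; the function names and the 1232-byte advertised UDP size are assumptions of this example.

```python
# Added diagnostic example; resolver address and domain name are operator-supplied.
import secrets, socket, struct, sys

RCODES = {0: "ok", 1: "formerr", 2: "servfail", 3: "nxdomain", 4: "notimp", 5: "refused"}

def build_query(name, edns, udp_size=1232):
    """Encode an A query; with edns=True append an EDNS0 OPT record (RFC 6891)."""
    txid = secrets.randbits(16)
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1 if edns else 0)  # RD set
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    packet = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns:
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL 0, RDLEN 0
        packet += struct.pack("!BHHIH", 0, 41, udp_size, 0, 0)
    return txid, packet

def classify(txid, reply):
    """Reduce a raw reply (or None when nothing came back) to a status string."""
    if reply is None:
        return "timeout"
    if len(reply) < 12 or struct.unpack("!H", reply[:2])[0] != txid:
        return "malformed"
    return RCODES.get(reply[3] & 0x0F, "other")  # RCODE is the low nibble of byte 3

def probe(resolver, name, timeout=2.0):
    """Send the same query with and without EDNS0 to the resolver over UDP/53."""
    results = {}
    for label, edns in (("edns", True), ("plain", False)):
        txid, packet = build_query(name, edns)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(packet, (resolver, 53))
                reply = sock.recvfrom(4096)[0]
            except OSError:  # timeout or ICMP unreachable
                reply = None
        results[label] = classify(txid, reply)
    return results

def diagnose(results):
    answered = ("ok", "nxdomain")  # the resolver processed the query
    if results["plain"] not in answered:
        return "resolver-unreachable-or-failing"
    return "edns-works" if results["edns"] in answered else "edns-blocked-or-unsupported"

if __name__ == "__main__":
    outcome = probe(sys.argv[1], sys.argv[2])
    print(outcome, "->", diagnose(outcome))
```

A result of edns-blocked-or-unsupported matches the failure described above: plain queries are answered while the EDNS0 variant is dropped or rejected.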
Windows deployments
Beginning with Windows Roaming Client 1.11.0, EDNS0 was added to local domain queries for failover.
In versions 2.2.1 and older, local DNS resolution may fail if the internal DNS resolver or firewall does not support EDNS0.
This issue no longer affects Windows Roaming Client 3.0 or higher, which automatically retries local DNS queries without EDNS0 when needed.
Agent versions 2.2.1 and older
Use this registry setting only for legacy agents that still rely on loopback-based DNS routing.
- Add a registry entry to disable EDNS for local domain queries for failover
reg add "HKLM\SOFTWARE\DNSFilter\Agent" /v IncludeLocalResolversEdnsRecords /d "false" /f
reg add "HKLM\SOFTWARE\DNSAgent\Agent" /v IncludeLocalResolversEdnsRecords /d "false" /f
- Restart the device or the Roaming Client to apply the change
✍️ To re-enable EDNS for local domain queries for failover, set the value to true.
Agent versions 3.0 and higher
The 3.0 agent performs its own fallback logic and does not require configuration changes. Default EDNS0 behavior differs by connection mode:
- DNS Loopback Connection mode. EDNS0 is enabled by default. The agent first attempts to send local resolver queries with EDNS0 headers and automatically retries without EDNS0 if the request fails
- Transparent Proxy Connection mode. EDNS0 is disabled by default. The agent respects the flag and does not retry the query
Both settings can be adjusted in appsettings.Overrides.json if needed:
"LoopbackProxy": {
  "IncludeLocalResolversEdnsRecords": false
},
"TransparentProxy": {
  "IncludeLocalResolverEdnsRecords": true
}
⚠️ The Transparent Proxy option name uses Resolver without a trailing s. This difference from the Loopback option name is intentional.
macOS deployments
Follow these steps to resolve this issue.
- In your device Terminal, open DNSFilter Agent daemon.conf
a. See issue diagnostics for steps to navigate to the daemon.conf file
- Add the following option to the top of the configuration file:
IncludeLocalResolversEdnsRecords=false
- Restart the daemon
sudo launchctl bootout system /Library/LaunchDaemons/com.dnsfilter.agent.macos.helper.plist
sudo launchctl bootstrap system /Library/LaunchDaemons/com.dnsfilter.agent.macos.helper.plist

sudo launchctl bootout system /Library/LaunchDaemons/io.netalerts.agent.macos.helper.plist
sudo launchctl bootstrap system /Library/LaunchDaemons/io.netalerts.agent.macos.helper.plist
- If the daemon does not restart, restart the device to push the update