Direct internal resource traffic to local servers when using Relays

How the Relay handles DNS traffic

The DNS Relay acts as an on-premises DNS server, bridging the network and DNSFilter. When a device queries the Relay, it routes the request to DNSFilter for filtering and policy enforcement.

Configuring local domains and resolvers ensures internal resources — such as shared drives, domain controllers, printers, and custom applications — resolve correctly without being filtered or misrouted. This is especially useful in environments with multiple network segments or subnetworks that require centralized DNS resolution.

✍️ Use fully qualified domain names (FQDNs) whenever possible. Reserve short hostnames for devices like printers or IoT devices, and test locally to confirm resolution.

Configure local domains and resolvers

Dashboard-configured Local Domains do not apply to the Relay — all local domain routing must be defined directly in relay.conf. The .local domain is automatically forwarded to the network's configured DNS servers and does not require manual configuration. All other internal domains must be added explicitly.

Add a [[local_dns_server]] block to relay.conf for each internal resolver, specifying the resolver address and the domains it should handle:

# Local DNS servers to forward domain specific requests
[[local_dns_server]]
addresses = [ "192.168.0.1:53" ]
local_domains = [ "mycompany.local", "intranet.mycompany.com" ]

Multiple resolvers can be added by repeating the [[local_dns_server]] block:

[[local_dns_server]]
addresses = [ "192.168.0.1:53", "192.168.0.2:53" ]
local_domains = [ "mycompany.local" ]

[[local_dns_server]]
addresses = [ "10.0.0.1:53" ]
local_domains = [ "remote.office.com" ]

After editing relay.conf, restart the Relay for changes to take effect:

relay-manager stop
relay-manager start

Related content

How can we help you?

Search

In this article

How the Relay handles DNS traffic

Configure local domains and resolvers

Comments