Send DNS (DoH) queries out of SpeedFusion

We are using an SDX Pro with one of our customers. They have a number of WAN devices connected, including (Peplink) 5G modems and Starlink.

They have a SpeedFusion link to a data centre and traffic throughput is working well. Naturally, when they are using the data centre connection they have issues with Netflix and the like, so we use a DNS-based proxy. The trouble is, even when using other WAN sources (not the SpeedFusion) it uses the proxy, as we can only set one DoH address for the whole device and each WAN source calls out to that DNS server.

Is there a way to have different DoH or DoT URLs per interface (this would be excellent for us)?

Failing that, is there any way to send DNS requests out over the SpeedFusion link, rather than out of each native WAN source like it does by default?

Given authentication requirements, simple DNS53 won’t work. It has to be DNS over HTTPS or over TLS.

Many thanks

Tom

This is tricky.
For DNS53 there was the really useful advanced DNS resolvers option that lets you set DNS servers per WAN/SpeedFusion tunnel.

If you send all traffic via a SpeedFusion tunnel, you can then identify the DoH traffic and redirect it over a specific WAN/SF tunnel, e.g.:

But that doesn’t fit your use case perfectly either…


Thanks Martin

Appreciate the response - looking at it, the DNS per interface would be perfect, if it were updated for DoH/DoT - fingers crossed in a future release, this is something Peplink can do - individual DoH/DoT per WAN interface.

I’ll give the traffic forwarding a go - as it will do as a stopgap for now.

Many thanks

Are the endpoints doing DoH themselves or are they doing DNS53 to the Peplink which is then using DoH upstream?

The endpoints are 53 and the Peplink (at the edge of the network) is doing DoH.