TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

allow to set HTTP PROXY for HTTP/S access while still using non-proxied DNS over UDP forwarders #892

Closed mstorck closed 3 months ago

mstorck commented 6 months ago

In my setup I need to use an HTTP PROXY to access the update check and to download blocklists via HTTP/S, but I still want to use plain simple DNS over UDP forwarders (in my case to allow a NG-FW appliance to scan the requests).

Currently the WebUI displays an error and the configuration doesn't seem to survive a daemon restart.

ShreyasZare commented 6 months ago

Thanks for the post.

> In my setup I need to use an HTTP PROXY to access the update check and to download blocklists via HTTP/S, but I still want to use plain simple DNS over UDP forwarders (in my case to allow a NG-FW appliance to scan the requests).

You can still do that using conditional forwarder zones. Just configure the proxy in Settings > Proxy & Forwarders section without any forwarders and create a conditional forwarder zone for . (period) and select the No Proxy option.

> Currently the WebUI displays an error and the configuration doesn't seem to survive a daemon restart.

Please share the error details here. You should also see the error log in the Logs section on the panel.

mstorck commented 6 months ago

The error shown is a red alert box with the following text:

Error! HTTP proxy server can transport only DNS-over-TCP, DNS-over-TLS, or DNS-over-HTTPS forwarder protocols. Use SOCKS5 proxy server for DNS-over-UDP or DNS-over-QUIC forwarder protocols.

ShreyasZare commented 6 months ago

> The error shown is a red alert box with the following text:
>
> Error! HTTP proxy server can transport only DNS-over-TCP, DNS-over-TLS, or DNS-over-HTTPS forwarder protocols. Use SOCKS5 proxy server for DNS-over-UDP or DNS-over-QUIC forwarder protocols.

The error means that you configured an HTTP proxy but you also had forwarders configured to use either the UDP or QUIC transport protocol, which is not supported by the HTTP proxy protocol.

So, you just need to either configure a SOCKS5 proxy or change your forwarder protocol.

Also, since there was the error when you tried to save settings, the settings were not saved to disk.

mstorck commented 6 months ago

@ShreyasZare I did understand the error message. However here is my problem in my particular setup:

I do understand that UDP cannot use HTTP proxy. But why not just show information that, since I selected UDP and an unsupported PROXY, it's just not going to use the proxy for UDP (but very much so for HTTP)?

ShreyasZare commented 6 months ago

The solution for this requirement is to use conditional forwarder zones instead of the forwarders in the settings.

> But why not just show information that, since I selected UDP and an unsupported PROXY, it's just not going to use the proxy for UDP (but very much so for HTTP)?

It's not like that. Due to the validation error, the settings were not fully updated and saved. In such a case, the DNS client will internally switch to use TCP transport instead of UDP transport to make it work over the HTTP proxy. The error message is just so that the config is correct.