IPFire 2.25’s latest core update comes with a reworked DNS system which adds many new features and fixes many bugs.
IPFire 2.25 Core Update 141 brings a set of changes around DNS. The Update’s totally reworked DNS system which adds DNS-over-TLS. IPFire also announced that they are following the guidelines they have set the EDNS buffer size to 1232 bytes to combat MTU issues. This avoids large DNS replies being fragmented even on Internet lines with smaller MTUs.
All DNS settings will automatically be converted. This is also compatible when older backups are being restored.
- A unified page with all DNS settings
- More than two DNS servers can be added for better load-balancing and resiliency. The fastest servers will be used automatically.
- Enhanced privacy with DNS-over-TLS and strict QNAME minimization
- Safe Search, to filter adult content from the entire network without using the web proxy
- Better workarounds for users with ISPs that filter DNS responses/break DNSSEC. TLS and TCP can be used as transport instead.
- Faster boot because of fewer checks being executed at boot time
In this update, IPFire has also rebased the system on GCC 9 and added support for Go and Rust. They have included Python 3 to the base system and deprecated Python 2 which is out of support by now however not everything has been converted to use Python 3 yet.