Skip to content

Manual Command Line Configuration


Please, if possible always prefer to use the fully configured virtual appliance on your own VMware vSphere/ESXi infractucture or in Microsoft Azure. Virtual Appliace has Admin UI preinstalled, so no manual configuration from command line is needed. Everything can be configured using your browser.

Dns Safety consists of one binary (daemon) and several auxiliary folders and files installed in /opt/dnssafety folder. In Linux the folder is owned by standard daemon user. In FreeBSD it is owned by standard bind user.

You need to configure your router to announce the IP address of the box where Dns Safety runs as DNS server for your network. Various models of routers may require different simple steps to achieve these results.

If you only need to use Dns Safety on one machine, then configure its network settings to point to the box where Dns Safety is installed.

Configure Daemon

In order to manually configure Dns Safety from the command line, you need to edit the /opt/dnssafety/etc/config.json file. This file contains several sections that are mostly self-explanatory. Open the file in your favorite editor and make any changes required. Save the file afterwards.

By default the config file has 4 different filtering policies pre-installed. Default policy blocks all advertisements (like does for example Pi-Hole), well known adult sites and site promoting weapons, cracks, hacking, illegal activity and self harm. Other policies allow you to adjust filtering level based on your requirements.

Restart or Reload

To apply your changes you need to restart or reload the Dns Safety daemon. Restart is usually needed after making system level changes (for example after changing network settings), reload is enough to apply changes in filtering policies. On Linux, the following commands restart/reload DNS Safety.

systemctl reload dsdnsd
systemctl restart dsdnsd

On FreeBSD use the following commands instead.

service dsdnsd restart
service dsdnsd reload

Verify it Works

In order to verify DNS Safety works as expected use nlookup or dig command. For example, lookup of domain name shall return NXDOMAIN result and that domain name SHOULD NOT BE ACCESSIBLE. If it is not so then please check all installation/configuration steps once again.

root@node12:~# dig

; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40693
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 65494
;          IN      A

;; Query time: 30 msec
;; WHEN: Fri Feb 01 09:48:40 CET 2019
;; MSG SIZE  rcvd: 49

Please note, previous section explains how to use the Admin UI to manage DNS Safety from your browser.