Returning a DNS error or the address 127.0.0.1 allows the workstation not to access the target server, but this slows down Internet browsing because browsers will either try several times to make the same request or try to connect to a non-existent service.
In order to ensure a better fluidity, the best solution is to transfer requests on a Web site planned for this purpose.
Improvements on the error page service have been made since the version 4.40 Service pack 116.
To provide correcly the web error page, you need to use a web server that run on both http/https port (80/443).
In our case, we using the DNS Firewall box to host the web page and to avoid port conflicts with the DoH service, we have a created a second MacVlan network Interface in order to force the Web page service to listen this Interface.
- On our deny rule, we switch the rule to “Forge a A response to” the IP address of our web service.
- On the left menu,
Filtering Service>Error page, - Install the service.
- Set the listen Interface to the one that is not used by the DNS Firewall
- Set port on 80/443
When surfing to a denied website, you will see an Error page.
