u/goodt2023

Manually-added Blocked zone returns RCODE=Refused instead of NXDOMAIN — is this expected?

Running Technitium DNS Server in a cluster (dns1 + dns2). I added stun.l.google.com via the Blocked tab (top nav, not Settings → Blocking). The zone got auto-created with NS + SOA records pointing to dns1.home.arpa, no A or AAAA records, which matches what I'd expect for an empty Blocked-tab entry.

The Query Logs (Sqlite app) show this when a client queries the blocked domain:

Client: 10.99.0.11
Protocol: Udp
Response Type: Authoritative
RCODE: Refused
Domain: stun.l.google.com
Type: A (and AAAA)

So Technitium is responding authoritatively with RCODE=Refused — not NXDOMAIN, not NoError/NODATA.

I expected NXDOMAIN given:

  • The zone exists locally as an empty zone (NS + SOA, no resource records)
  • No "Allow Recursion Only For Private Networks" path is involved (the client is on RFC1918 10.0.0.0/8 and the log says response source is Authoritative, not Recursive)
  • The CHANGELOG mentions: "Fixed critical bug in block list condition check causing server to respond with RCODE=Refused when only using Blocked zone. Added option to respond with RCODE=NxDomain for blocked domains instead of returning 0.0.0.0 address."

That changelog entry suggests there's a setting to control this, but I can't find a "Blocking Type" control in Settings → Blocking on my version. Some older Reddit threads mention a "Blocking Type" radio (NX Domain / Anyone Address / Custom Address), but on my UI that section doesn't appear that way.

Questions:

  1. Is Refused the expected/correct response code for a manually-added Blocked-tab entry on current versions of Technitium, or is there a setting I'm missing that would make it return NXDOMAIN?
  2. Is the "Blocking Type" setting that older posts reference still present in the current UI? If so, where? If not, what replaced it?
  3. Does the Blocking Type setting (if present) only apply to Block List Zone (URL-based lists) entries, or does it also affect the manually-added Blocked tab entries?
  4. The dashboard "Blocked" counter doesn't increment for these Refused responses — they show up under "Refused" instead. Is that the intended categorization, or should manually-blocked-zone Refused responses count toward the Blocked counter?

Functionally the block is working — the client (kvmd-janus on a GL.iNet KVM) makes a few retries on Refused then gives up, which is actually the desired behavior. But I'd like to understand the response code logic so I can configure it deliberately rather than accidentally.

Version: 14.3

Thanks!

u/goodt2023 — 2 hours ago
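Added example, not part of the original post and not Technitium's code: a header-level classifier that separates the three outcomes the post above compares (Refused, NXDOMAIN, NoError/NODATA) and reports the AA bit that the query log shows as "Authoritative". The sample replies are constructed, and `query()` assumes you pass the IP address of your own DNS server.

```python
import socket
import struct

RCODES = {0: "NoError", 2: "ServerFailure", 3: "NxDomain", 5: "Refused"}
QR, AA, RD = 0x8000, 0x0400, 0x0100  # header flag bits (RFC 1035)

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_message(qid, name, qtype, flags):
    """Header plus one question; used for queries and constructed replies."""
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def classify(msg):
    """Return (rcode name, authoritative flag, outcome) for a DNS response."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & QR:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode = flags & 0x000F
    name = RCODES.get(rcode, "RCODE%d" % rcode)
    # NODATA is not an RCODE: it is NoError with an empty answer section.
    outcome = "NoError/NODATA" if rcode == 0 and ancount == 0 else name
    return name, bool(flags & AA), outcome

def query(server, name, qtype=1, timeout=2.0):
    """Send one UDP query to `server` (your resolver's IP) and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_message(0x1234, name, qtype, RD), (server, 53))
        return classify(s.recv(4096))

# Constructed replies (not captured traffic) for the three outcomes in the post.
SAMPLES = {
    "refused": build_message(1, "stun.l.google.com", 1, QR | AA | RD | 5),
    "nxdomain": build_message(1, "stun.l.google.com", 1, QR | AA | RD | 3),
    "nodata": build_message(1, "stun.l.google.com", 28, QR | AA | RD | 0),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```
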

Mellanox MSN2700 Switch BIOS

Does anyone have any experience with fixing the BIOS on a Mellanox MSN2700 to add the missing information regarding installing the OS?

Thanks

u/goodt2023 — 1 day ago

Wi-Fi went down this morning, looks like a memory problem on the box, has happened before (also: AP7C stuck "offline" in iOS app only) ticket -- #118271

Figured I would post here that I submitted a ticket this morning with a lot of detail and logs from the Firewalla as well as iOS screenshots. Seems like my tickets are just filtered out unless I post. I get an email from someone at Firewalla after I post on here saying my ticket has received no responses in like 6-8 days and someone finally looks at it. In the same response I get you should change your email address. I always say why and never really get a response :) So hopefully someone will actually look at my ticket before 6-8 days this time. The bottom line is that all the AP7s go offline and no Wi-Fi works, and it seems to be memory issues on the Firewalla Gold Pro or some other type of bug. This has happened several times, but this time I actually logged into an SSH session and got all the logs before they disappeared and captured diagnostic output. Unfortunately, I know of no way to log in to the AP7s to capture their diagnostic logs like doing SSH to the Gold Pro. This seems to be a recurring problem and the ticket has the details. Thanks in advance.

u/goodt2023 — 4 days ago