Local DNS issues are a frequent cause of intermittent capture problems, from split horizon answers to aggressive caching. Routing resolution through a known DoH endpoint takes that variable out of the equation and gives you the same results on every machine that runs the rule file.
Enable useDnsOverHttpsAction when the host operating system's DNS configuration is unreliable, when you want to bypass a captive portal or split horizon resolver, or when you simply need consistent DNS results across different machines that share the same Fluxzy rule file. The action makes Fluxzy resolve names through a DoH endpoint of your choice instead of calling the system resolver.
Built in shortcuts include CLOUDFLARE and GOOGLE for well known providers. You can also pass a full HTTPS URL to point to a private or self hosted DoH server, for example a regional Pi hole or an internal company resolver.
The noCapture flag controls whether the DoH lookups themselves appear in the Fluxzy timeline. Set it to true if you want to keep the capture focused on application traffic and not on the resolver overhead.
A safe default for offsite debugging when the corporate resolver returns split horizon answers.
rules:
- filter:
typeKind: AnyFilter
actions:
- typeKind: UseDnsOverHttpsAction
nameOrUrl: CLOUDFLARE
Point Fluxzy at Google's resolver, and exclude the resolver traffic from the capture so the timeline stays clean.
rules:
- filter:
typeKind: AnyFilter
actions:
- typeKind: UseDnsOverHttpsAction
nameOrUrl: https://dns.google/resolve
noCapture: true
Use the system resolver everywhere, except for a specific host where you suspect local DNS poisoning.
rules:
- filter:
typeKind: HostFilter
pattern: api.suspect.example.com
actions:
- typeKind: UseDnsOverHttpsAction
nameOrUrl: CLOUDFLARE
Use DoH (DNS over HTTPS) to resolve domain names instead of the default DNS provided by the OS
Evaluation scope defines the timing where this filter will be applied.
requestHeaderReceivedFromClient This scope occurs the moment fluxzy parsed the request header receiveid from client
useDnsOverHttpsAction
The following table describes the customizable properties available for this action:
| Property | Type | Description | DefaultValue |
|---|---|---|---|
| nameOrUrl | string | ||
| noCapture | boolean | false |
The following examples apply this action to any exchanges
Use Cloudflare built-in DoH server.
rules:
- filter:
typeKind: AnyFilter
actions:
- typeKind: UseDnsOverHttpsAction
nameOrUrl: CLOUDFLARE
Use provided DoH server: "https://dns.google/resolve". Avoid capturing the DNS requests.
rules:
- filter:
typeKind: AnyFilter
actions:
- typeKind: UseDnsOverHttpsAction
nameOrUrl: https://dns.google/resolve
noCapture: true
View definition of UseDnsOverHttpsAction for .NET integration.
The following actions are related to this action:
Either a shortcut name such as CLOUDFLARE or GOOGLE, or the full URL of any RFC 8484 compatible DoH endpoint, for example https://dns.google/resolve or your own internal resolver.
DoH lookups happen over HTTPS, so they would otherwise appear in the Fluxzy timeline as regular exchanges. noCapture: true keeps them out of the capture, which keeps the view focused on the application traffic you care about.
No. The override only applies to exchanges that match the rule. Other applications on the same machine keep using the OS resolver.
Yes. spoofDnsAction wins because it pins a specific IP. Use useDnsOverHttpsAction when you want correct DNS resolution that is independent from the local environment, and spoofDnsAction when you want to override the answer entirely.