OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: sinayion on July 11, 2021, 05:07:46 pm

Title: How to set custom DNS servers with and without Unbound?
Post by: sinayion on July 11, 2021, 05:07:46 pm
Hi,

First of all, I'm really sorry if there is an answer for this somewhere. I've been googling this for an hour, and I am lost between what I think are contradictory answers, and not-so-obvious answers.

I just installed OPNsense for the first time, and I want to use Cloudflare's 1.1.1.1/1.0.0.1 DNS servers. This is what I have done, and I'm not sure if this is right:
- Unbound is enabled by default, at Services->Unbound DNS->General
- In the above page, I enabled DNSSEC, register leases, and register static mappings
- I set the desired DNS servers at System->Settings->General->DNS Servers (both for IPv4 and IPv6, Cloudflare)
- I unchecked "Allow DNS server list to be overridden by DHCP/PPP on WAN" in the same page as above

My devices now show my OPNsense local IP as their DNS server. I am assuming that Unbound is looking at the Cloudflare DNS settings I made earlier, and using those as its "dns root servers". Am I wrong? How does Unbound decide on which DNS servers to use, especially since I disabled "Allow DNS server list to be overridden by DHCP/PPP on WAN"?

If I am 100% wrong above with my desired outcome, what is the correct way to use Unbound, and also use any custom DNS? In the following post, franco states the term "dns root servers". I really want to understand the priority/how Unbound "knows" what the current root DNS servers are: https://forum.opnsense.org/index.php?topic=6332.msg26951#msg26951.
Title: Re: How to set custom DNS servers with and without Unbound?
Post by: newsense on July 11, 2021, 05:41:47 pm
The only way to make sure you're using the desired DNS servers is to employ DoH or DoT; otherwise your ISP can be intercepting all your DNS queries and answering them as if it were Cloudflare.

Check out the Tutorials section on the forum; there's plenty of good documentation on how to use DoH/DoT with Unbound.
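
A check for the point made in the reply above, as an added example that is not part of the original thread: it reads Unbound `forward-zone` settings and flags forwarders that are queried in plaintext or whose TLS certificate would not be verified. The two sample configurations are constructed, the certificate bundle path is a placeholder, and the function names are made up for illustration; it looks only at the per-zone `forward-tls-upstream` option, not the global `tls-upstream`.

```python
import re

# Constructed sample configurations (not taken from the thread).
PLAIN_CONF = """
forward-zone:
    name: "."
    forward-addr: 1.1.1.1
    forward-addr: 1.0.0.1
"""
DOT_CONF = """
server:
    tls-cert-bundle: "/path/to/ca-bundle.crt"  # placeholder path
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
"""

def parse_clauses(text):
    """Split unbound.conf text into [(clause, [(option, value), ...]), ...]."""
    clauses = []
    for raw in text.splitlines():
        # '#' starts a comment only at the start of a token, not inside ip@port#name
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip('"')
        if not value:                 # clause header such as "server:"
            clauses.append((key, []))
        elif clauses:
            clauses[-1][1].append((key, value))
    return clauses

def audit_forwarders(text):
    """Return (forward-addr, reason) for forwarders an on-path party could answer for."""
    clauses = parse_clauses(text)
    has_bundle = any(k == "tls-cert-bundle"
                     for n, opts in clauses if n == "server" for k, _ in opts)
    findings = []
    for _, opts in (c for c in clauses if c[0] == "forward-zone"):
        tls = ("forward-tls-upstream", "yes") in opts
        for addr in (v for k, v in opts if k == "forward-addr"):
            if not tls:
                findings.append((addr, "plaintext"))         # no encryption at all
            elif "#" not in addr:
                findings.append((addr, "tls-no-auth-name"))  # any certificate name accepted
            elif not has_bundle:
                findings.append((addr, "tls-unverified"))    # no CA bundle to verify against
    return findings
```

`audit_forwarders(PLAIN_CONF)` reports both Cloudflare addresses as plaintext, while `audit_forwarders(DOT_CONF)` returns an empty list.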