OPNsense Forum

English Forums => 24.1 Production Series => Topic started by: Monju0525 on March 10, 2024, 02:05:59 am

Title: [Solved] DNS over TLS is not working
Post by: Monju0525 on March 10, 2024, 02:05:59 am
After the latest upgrade, nslookup google.com uses Google DNS and not my NextDNS.io DNS server.
Anyone having a similar experience? It was working on previous OPNsense releases.
ISC and Kea each have a DNS server setting, and they point to the same IP address.
Where is /etc/kea/? Is there a config file I need to take a look at?

My configuration is WireGuard, Kea DHCP, Zenarmor and Suricata. It is not NextDNS, since nslookup on my pfSense network works fine.
Title: Re: DNS over TLS is not working
Post by: DEC670airp414user on March 10, 2024, 01:49:56 pm
I use DNS over TLS, but nothing else you are using, app-wise.

It works just fine for me

AAAA   google.com. 201 IN AAAA 2607:f8b0:4023:1009::8a
google.com. 201 IN AAAA 2607:f8b0:4023:1009::8b
google.com. 201 IN AAAA 2607:f8b0:4023:1009::64
google.com. 201 IN AAAA 2607:f8b0:4023:1009::65   45.90.28.64   41 msec
MX   google.com. 300 IN MX 10 smtp.google.com.   45.90.28.64   44 msec
Title: Re: DNS over TLS is not working
Post by: Monju0525 on March 10, 2024, 01:52:18 pm
Update: 02112024 What an idiot! This morning, I looked closer and the client had a W11 static lease with a DNS set to Google 8.8.8.8. Needed to set it back to DHCP. DNS over TLS is now working. nslookup pornhub.com is now blocked, as it should be by NextDNS.io. Relief.
Title: Re: [Solved] DNS over TLS is not working
Post by: CJ on March 10, 2024, 03:30:31 pm
Keep in mind that browsers are defaulting to DoH, which will ignore your DoT. Firefox has a domain that you can block in order to disable DoH for your network. I'm not sure about the other browsers.
Title: Re: [Solved] DNS over TLS is not working
Post by: lar.hed on March 10, 2024, 04:40:02 pm
Well, if you have to, you could of course block the IPs of all DoH servers...

https://raw.githubusercontent.com/jpgpi250/piholemanual/master/DOHipv4.txt
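The three bypass paths raised in this thread (a client with a static 8.8.8.8 lease, a browser speaking DoH over 443, and blocking known DoH server IPs) can all be checked from the firewall's own IDS logs. Below is an added example, not code from the thread or from OPNsense, that scans Suricata eve.json records for LAN clients not using the firewall's resolver and renders a pf table from a DoH address list in the one-address-per-line format of the linked file. The LAN address 192.168.1.1, the 192.168.1.0/24 network, the SNI hostnames, the address list and every log line are constructed assumptions.

```python
"""Audit Suricata eve.json for LAN clients that bypass the firewall resolver:
plain DNS to an outside server, DoT on port 853 from a client, or DoH spotted
via TLS SNI or a known DoH server address. All sample data is constructed."""
import ipaddress
import json

FIREWALL_LAN_IP = "192.168.1.1"                    # assumption: OPNsense LAN address
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # assumption: the LAN prefix

# Hostnames seen in TLS SNI when a browser uses a public DoH resolver.
DOH_SNI = {
    "dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com",
    "dns.nextdns.io", "dns.quad9.net",
}

# Firefox stops auto-enabling DoH when this canary name returns NXDOMAIN;
# this is the Unbound directive that does it (Services > Unbound > Custom options).
UNBOUND_CANARY = 'local-zone: "use-application-dns.net" always_nxdomain\n'

# Constructed stand-in for a DoH address list: one address or prefix per line,
# '#' starts a comment, malformed lines are tolerated.
DOH_IP_LIST = """\
# constructed sample, not the real DOHipv4.txt
8.8.8.8
8.8.4.4
104.16.248.249
104.16.249.249
not-an-address
"""

# Constructed eve.json records (fields as Suricata writes them).
SAMPLE_EVE = [
    json.dumps({"event_type": "dns", "src_ip": "192.168.1.50", "dest_ip": "8.8.8.8",
                "dest_port": 53, "proto": "UDP", "dns": {"type": "query", "rrname": "google.com"}}),
    json.dumps({"event_type": "dns", "src_ip": "192.168.1.60", "dest_ip": "192.168.1.1",
                "dest_port": 53, "proto": "UDP", "dns": {"type": "query", "rrname": "google.com"}}),
    json.dumps({"event_type": "tls", "src_ip": "192.168.1.50", "dest_ip": "104.16.248.249",
                "dest_port": 443, "proto": "TCP", "tls": {"sni": "mozilla.cloudflare-dns.com"}}),
    json.dumps({"event_type": "tls", "src_ip": "192.168.1.1", "dest_ip": "45.90.28.0",
                "dest_port": 853, "proto": "TCP", "tls": {"sni": "dns.nextdns.io"}}),
    json.dumps({"event_type": "tls", "src_ip": "192.168.1.70", "dest_ip": "1.1.1.1",
                "dest_port": 853, "proto": "TCP", "tls": {"sni": "cloudflare-dns.com"}}),
    json.dumps({"event_type": "tls", "src_ip": "192.168.1.80", "dest_ip": "8.8.4.4",
                "dest_port": 443, "proto": "TCP", "tls": {"sni": ""}}),
]


def parse_doh_ip_list(text):
    """Return ip_network objects from the list, skipping comments and junk lines."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # one bad entry should not discard the whole list
    return nets


def in_any(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def audit_events(lines, fw_ip=FIREWALL_LAN_IP, doh_nets=None):
    """Return (client_ip, reason, detail) tuples for every bypass indicator."""
    doh_nets = parse_doh_ip_list(DOH_IP_LIST) if doh_nets is None else doh_nets
    findings = []
    for raw in lines:
        if not raw.strip():
            continue
        ev = json.loads(raw)
        src, dst, port = ev.get("src_ip"), ev.get("dest_ip"), ev.get("dest_port")
        # The firewall's own outbound DoT to its upstream is the legitimate path.
        if not src or src == fw_ip or ipaddress.ip_address(src) not in LAN_NET:
            continue
        if ev.get("event_type") == "dns" and port == 53 and dst != fw_ip:
            findings.append((src, "plain-dns-external", dst))      # static 8.8.8.8 style
        elif ev.get("event_type") == "tls":
            sni = ev.get("tls", {}).get("sni", "")
            if port == 853:
                findings.append((src, "client-dot", dst))          # client does its own DoT
            elif sni in DOH_SNI:
                findings.append((src, "doh-sni", sni))             # browser DoH by hostname
            elif port == 443 and in_any(dst, doh_nets):
                findings.append((src, "doh-ip", dst))              # DoH by known server IP
    return findings


def pf_block_rules(nets, table="doh_servers", iface="lan"):
    """Render a pf table and block rule for the DoH addresses. Illustrative pf
    syntax only: on OPNsense you would load the list as a URL-table alias and
    add the equivalent LAN rule in the GUI."""
    entries = ", ".join(str(n.network_address) if n.num_addresses == 1 else str(n) for n in nets)
    return (f"table <{table}> persist {{ {entries} }}\n"
            f"block return in quick on {iface} proto {{ tcp udp }} from {LAN_NET} "
            f"to <{table}> port {{ 443 853 }}\n")


if __name__ == "__main__":
    for client, reason, detail in audit_events(SAMPLE_EVE):
        print(f"{client:15} {reason:20} {detail}")
    print(pf_block_rules(parse_doh_ip_list(DOH_IP_LIST)))
    print(UNBOUND_CARY if False else UNBOUND_CANARY, end="")
```

Run it against a real `/var/log/suricata/eve.json` by replacing `SAMPLE_EVE` with the file's lines; the "plain-dns-external" finding is exactly the static-lease case from earlier in this thread, and "doh-sni" is the browser case CJ describes. Blocking by IP list is a losing race against new resolvers, so the SNI check is the more durable detection, and the canary zone only affects Firefox's automatic mode, not a user who has explicitly chosen a DoH provider.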
Title: Re: [Solved] DNS over TLS is not working
Post by: Monju0525 on March 10, 2024, 05:27:16 pm
@CJ
I fixed my Firefox browser and selected maximum protection and selected NextDNS in the security and privacy settings. Thank you.
Title: Re: [Solved] DNS over TLS is not working
Post by: knaggsy2000 on March 11, 2024, 12:50:36 am
This is why I've switched to AdGuard Home for my network, as it supports more modern things in regards to DNS.
Title: Re: [Solved] DNS over TLS is not working
Post by: CJ on March 11, 2024, 12:55:46 pm
@CJ
I fixed my Firefox browser and selected maximum protection and selected NextDNS in the security and privacy settings. Thank you.

All that does is change your DoH provider to NextDNS.  You're still not using the network DNS.
Title: Re: [Solved] DNS over TLS is not working
Post by: CJ on March 11, 2024, 12:56:43 pm
This is why I've switched to AdGuard Home for my network, as it supports more modern things in regards to DNS.

What do you mean by "more modern things, in regards to DNS"?
Title: Re: [Solved] DNS over TLS is not working
Post by: Monju0525 on March 11, 2024, 01:30:40 pm
I have a new issue. This morning the client could not do nslookup 8.8.8.8, and the Firefox browser on max protection (NextDNS) said to pick a new selection. I restarted the WireGuard service and had no DNS. I had to reboot OPNsense and everything worked. Any suggestions? The W11 NIC connectivity always said it had internet access.