OPNsense Forum

English Forums => General Discussion => Topic started by: spetrillo on May 17, 2020, 01:58:00 am

Title: Unbound - DNS over TLS
Post by: spetrillo on May 17, 2020, 01:58:00 am
Hello all,

I am wanting to run DNS over TLS via Unbound. I have installed the Unbound addtl plugin to provide this capability. I have set up the Unbound custom options section to look as follows:

server:
private-domain: "plex.direct"

server:
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 1.1.1.1@853
forward-addr: 1.0.0.1@853

Am I good?

Steve
Title: Re: Unbound - DNS over TLS
Post by: Mks on May 17, 2020, 09:38:22 am
Hi,

I always recommend validating the server certificate, see

https://forum.opnsense.org/index.php?topic=16268.msg74664#msg74664

br
Title: Re: Unbound - DNS over TLS
Post by: mimugmail on May 17, 2020, 10:15:24 am
Validation will come in next version
Title: Re: Unbound - DNS over TLS
Post by: Mks on May 17, 2020, 01:38:46 pm
Great to read :)
Title: Re: Unbound - DNS over TLS
Post by: spetrillo on May 18, 2020, 08:09:27 pm
Well I noticed something under Unbound, in the Misc section. The first attachment shows a section called DNS over TLS Servers. Should I be specifying them here rather than in the Custom Options under General? Should I have them in both places?
Title: Re: Unbound - DNS over TLS
Post by: mimugmail on May 19, 2020, 03:47:25 pm
With your setup you could use the new field. I'll add a grid view for 20.1.8 so you can add them line by line with certificate checks (which you don't use currently)
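
An added example, not part of the original thread and not OPNsense or Unbound code: a small Python check that reads Unbound options and reports forward zones that enable TLS without a CA bundle (`tls-cert-bundle`) or without a `#auth-name` on `forward-addr`, the two things Unbound needs in order to verify the upstream certificate. The hardened sample, its CA bundle path and the helper names are assumptions made for this illustration.

```python
import re
TLS_ON = ("forward-tls-upstream", "forward-ssl-upstream")  # the latter is the older alias
# Options as posted in the thread.
POSTED = """
server:
private-domain: "plex.direct"
server:
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 1.1.1.1@853
forward-addr: 1.0.0.1@853
"""
# Constructed hardened variant; the CA bundle path is an assumption, use your system's file.
HARDENED = """
server:
tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
"""

def parse_clauses(text):
    """Return [(clause, [(key, value), ...])]; '#' starts a comment only after whitespace."""
    clauses = []
    for raw in text.splitlines():
        m = re.match(r"\s*([\w-]+):\s*(.*?)\s*$", re.sub(r"(^|\s)#.*$", "", raw))
        if m and not m.group(2):
            clauses.append((m.group(1), []))  # clause header such as "server:"
        elif m and clauses:
            clauses[-1][1].append((m.group(1), m.group(2).strip('"')))
    return clauses

def lint_dot(text):
    """List the reasons an upstream TLS certificate would go unverified."""
    clauses = parse_clauses(text)
    server = [kv for name, opts in clauses if name == "server" for kv in opts]
    has_ca = any(k == "tls-cert-bundle" and v for k, v in server)
    findings = []
    for name, opts in clauses:
        if name == "forward-zone" and any(k in TLS_ON and v == "yes" for k, v in opts):
            zone = dict(opts).get("name", "?")
            if not has_ca:
                findings.append(f"zone {zone}: no tls-cert-bundle, no CA to verify against")
            findings += [f"zone {zone}: {v} has no #auth-name, any name is accepted"
                         for k, v in opts if k == "forward-addr" and "#" not in v]
    return findings
```

`lint_dot(POSTED)` returns three findings (the missing bundle plus one per forwarder), while `lint_dot(HARDENED)` returns an empty list.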
Title: Re: Unbound - DNS over TLS
Post by: spetrillo on May 19, 2020, 03:51:50 pm
Thanks for the assist here.