I am using Unbound to resolve my requests via 853 and that's working with 9.9.9.9, 1.1.1.1 and some others.
I googled around and found out that OpenDNS doesn't support DNS over TLS. Now is there a way to make it somehow safer?
Should I port forward 53 from src: OPNsense using port 53 to 853?
What would you recommend in terms of DNS security?
I tried adding rules like in this pfSense guide for DoT. https://medium.com/@davetempleton/setting-up-dns-over-tls-on-pfsense-bd96912c2416
But unfortunately it only killed all client-side DNS requests, even after disabling the rules.
Edit: It turned out that while I played around with the configs, Unbound wasn't correctly using TLS. Had an error with DNSKEYs caused by DNSSEC and dnscrypt ...
Always check your logs'n'ports!
tcpdump -v -i <waninterface> udp port 53
tcpdump -v -i <waninterface> tcp port 853
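
An added example, not part of the original post: a small Python audit of an Unbound config that flags forwarders which would not use verified DNS over TLS, as a complement to watching the WAN interface with tcpdump. The sample config, the cert bundle path and the function names are constructed for illustration; the check covers only the `forward-tls-upstream`, `tls-upstream`, `tls-cert-bundle` and `forward-addr` options.

```python
import re

# Constructed sample (not the poster's config): the second forwarder has no
# @853 and no #auth-name, so it is the entry the audit should flag.
SAMPLE_CONF = """\
server:
    tls-cert-bundle: "/etc/ssl/cert.pem"  # path is an assumption
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 1.1.1.1
"""

def parse(conf_text):
    """Yield (clause_index, clause_name, key, value) for every option line."""
    idx, clause = -1, None
    for raw in conf_text.splitlines():
        # '#' starts a comment only at the start of a token, not inside ip@port#name
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, _, value = line.partition(":")
        value = value.strip().strip('"')
        if line and not value:          # clause header such as "forward-zone:"
            idx, clause = idx + 1, key
        elif line:
            yield idx, clause, key.strip(), value

def audit_forwarders(conf_text):
    """Return findings for forwarders that would not use verified DNS over TLS."""
    opts = list(parse(conf_text))
    server = {k: v for _, c, k, v in opts if c == "server"}
    findings = []
    if "tls-cert-bundle" not in server:
        findings.append("server: no tls-cert-bundle to verify upstream certificates")
    for zone_idx in sorted({i for i, c, _, _ in opts if c == "forward-zone"}):
        zone = [(k, v) for i, _, k, v in opts if i == zone_idx]
        name = dict(zone).get("name", "?")
        if "yes" not in (dict(zone).get("forward-tls-upstream"), server.get("tls-upstream")):
            findings.append(f"{name}: TLS to upstream is not enabled")
        for addr in (v for k, v in zone if k == "forward-addr"):
            host, _, auth = addr.partition("#")
            # Without '@port', Unbound uses tls-port (default 853) only if '#name' is given
            port = host.partition("@")[2] or ("853" if auth else "53")
            if port != "853":
                findings.append(f"{name}: {addr} targets port {port}, not 853")
            if not auth:
                findings.append(f"{name}: {addr} has no #auth-name to check the certificate")
    return findings
```

Calling `audit_forwarders(SAMPLE_CONF)` returns two findings, both for the `1.1.1.1` entry; an empty list means every forwarder is set up for TLS on 853 with a name to verify.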