OPNsense Forum

English Forums => General Discussion => Topic started by: Ronin on September 03, 2020, 01:29:40 PM

Title: Trying to use NextDNS for Unbound but lose connection.
Post by: Ronin on September 03, 2020, 01:29:40 PM
Hi all

I am new to Opnsense and Unbound. I want to use NextDNS for DNS over TLS.

The below config is what is on the NextDNS website.

Use the following in unbound.conf:


  forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#e78da1.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#e78da1.dns1.nextdns.io
  forward-addr: 45.90.30.0#e78da1.dns2.nextdns.io
  forward-addr: 2a07:a8c1::#e78da1.dns2.nextdns.io


But after I input that in Unbound's Custom options box and click save and apply, I lose my DNS connection (can't even go to google.com).

Here is the log:

2020-09-03T12:13:49 unbound[2080] [2080:2] info: 192.168.1.141 zb7dq19nvmq-e78da1.test.nextdns.io. A IN
2020-09-03T12:13:49 unbound[2080] [2080:3] info: 192.168.1.141 zb7dq19nvmq-e78da1.test.nextdns.io. A IN
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.28.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.30.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.28.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.30.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.28.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.30.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c0:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c0:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c1:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c1:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c1:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c1:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.30.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.30.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c1:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c0:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.28.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c0:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c0:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.28.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] info: 192.168.1.141 zb7dq19nvmq-e78da1.test.nextdns.io. A IN
2020-09-03T12:13:49 unbound[2080] [2080:0] info: start of service (unbound 1.11.0).



But if I put the following it is working fine.

server:
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 9.9.9.9@853 #Quad9 ip4
forward-addr: 149.112.112.112@853 #Quad9 ip4
forward-addr: 2620:fe::fe@853 #Quad9 ip6
forward-addr: 1.1.1.1@853 #Cloudflare ip4
forward-addr: 1.0.0.1@853 #Cloudflare ip4
forward-addr: 2606:4700:4700::1111@853 #Cloudflare ip6
forward-addr: 2606:4700:4700::1001@853 #Cloudflare ip6


Can anyone please help me? I really want to use NextDNS because of a lot of the features they have on their WebUI.

Many thanks
Title: Re: Trying to use NextDNS for Unbound but lose connection.
Post by: mrancier on September 04, 2020, 01:08:58 AM
server:
      tls-cert-bundle: "/etc/ssl/cert.pem"
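As an added illustration (not code from the thread or from OPNsense), here is a small Python lint that reads a custom-options fragment the way Unbound's parser does and flags the two conditions behind the errors in the log above: a forward-addr with a #authname but no tls-cert-bundle in the server clause (the "certificate verify failed" lines), and IPv6 forwarders on a host with no IPv6 outgoing interface (the "no TCP outgoing interfaces of family" lines). Note that Unbound treats '#' as a comment only at line start or after whitespace, which is why 45.90.28.0#e78da1... keeps its auth name while " #Quad9 ip4" in the working config is a comment; the sample config and the ipv6_outgoing flag are assumptions.

```python
import ipaddress
import re

# Constructed sample: the first post's NextDNS fragment plus the reply's fix (tls-cert-bundle).
FIXED_CONF = """\
server:
  tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#e78da1.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#e78da1.dns1.nextdns.io
"""
ADDR_RE = re.compile(r"^([^@#\s]+)(?:@\d+)?(?:#(\S+))?$")  # IP[@port][#authname]

def parse_unbound(text):
    """Return {clause: [(key, value), ...]}. Indentation is ignored and a bare 'name:' line
    opens a clause; '#' starts a comment only at line start or after whitespace."""
    clauses, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(?:^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = (s.strip() for s in line.partition(":"))
        if not value:  # clause header such as 'server:' or 'forward-zone:'
            current = key
            clauses.setdefault(current, [])
        elif current is not None:
            clauses[current].append((key, value))
    return clauses

def check_dot_forwarding(text, ipv6_outgoing=False):
    """Flag, per upstream, the conditions behind the errors in the thread's log."""
    clauses = parse_unbound(text)
    bundle = dict(clauses.get("server", [])).get("tls-cert-bundle")
    fz = clauses.get("forward-zone", [])
    tls_on = ("forward-tls-upstream", "yes") in fz or ("forward-ssl-upstream", "yes") in fz
    findings = []
    for key, value in fz:
        m = ADDR_RE.match(value) if key == "forward-addr" else None
        if not m:
            continue
        ip, auth = m.groups()
        if ipaddress.ip_address(ip).version == 6 and not ipv6_outgoing:
            findings.append(f"{ip}: expect 'no TCP outgoing interfaces of family'")
        if tls_on and auth and not bundle:
            findings.append(f"{ip}: #{auth} set but no tls-cert-bundle, expect 'certificate verify failed'")
        elif tls_on and not auth:
            findings.append(f"{ip}: no #authname, upstream certificate not authenticated")
    return findings
```

Run against the first post's fragment (no server clause) it reports both NextDNS addresses as failing verification plus the IPv6 one as unreachable; the Quad9 config from the same post parses cleanly but is flagged because its addresses carry no #authname, which is why it connects without a bundle.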
Title: Re: Trying to use NextDNS for Unbound but lose connection.
Post by: burntoc on October 22, 2020, 11:11:16 PM
Thanks so much for this. I just ran into the exact same thing and this seems to have resolved it.
Title: Re: Trying to use NextDNS for Unbound but lose connection.
Post by: Demus4202 on March 25, 2021, 04:09:25 AM
I'm having trouble with this myself.

Anyone mind showing me an updated unbound config file?
Title: Re: Trying to use NextDNS for Unbound but lose connection.
Post by: Maurice on March 25, 2021, 07:02:30 PM
Why custom options? You can enter upstream DoT servers in Services / Unbound DNS / Miscellaneous.

Cheers

Maurice
Title: Re: Trying to use NextDNS for Unbound but lose connection.
Post by: hushcoden on March 25, 2021, 07:20:21 PM
Quote from: Maurice on March 25, 2021, 07:02:30 PM
Why custom options? You can enter upstream DoT servers in Services / Unbound DNS / Miscellaneous.
If you want to also specify the auth name, i.e. #dns.quad9.net for Quad9, then custom options is currently the only way.
Title: Re: Trying to use NextDNS for Unbound but lose connection.
Post by: Maurice on March 25, 2021, 08:06:20 PM
Oh, okay, didn't know the UI doesn't support that. Thanks!