Hello,
As stated in the unbound.conf page (https://www.nlnetlabs.nl/documentation/unbound/unbound.conf/), there is an option to turn on upstream TLS. I always assumed that by entering data into Unbound DNS/Miscellaneous/DNS over TLS Servers, this option would be turned on, but I spent some time examining the config files and I don't see an entry to enable it.
server:
tls-upstream: yes
I believe the statement above would be needed to actually turn the feature on, in addition to the path to the certificates and the servers/ports. The latter two options are added in /usr/local/unbound/miscelaneous.conf, but I don't think the traffic is actually encrypted unless the tls-upstream option is used.
Can someone a) verify that my understanding is correct, and if so, b) direct me to the proper way to file this as a bug in the interface?
Thanks!
It works for me. Can you check if your DNS is encrypted first?
It's in dot.conf, not in miscelaneous AFAIK.
https://github.com/opnsense/core/blob/master/src/opnsense/service/templates/OPNsense/Unbound/core/dot.conf
https://www.cloudflare.com/en-gb/ssl/encrypted-sni/
Check your browser. What does it say (Secure DNS)?
Works for me: Services > Unbound DNS > Misc > DNS over TLS servers; put them in as 1.1.1.1@853 and 1.0.0.1@853.
I also had to uncheck the box in Service > Unbound DNS > General (DNS Query forwarding).
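The original question (is TLS really on if only the @853 servers are listed?) and the reply pointing at dot.conf both come down to one thing in unbound.conf: a forward-zone only uses TLS when the server-wide `tls-upstream: yes` or the per-zone `forward-tls-upstream: yes` is set. The checker below is an added example, not OPNsense's template or any file from the thread; it parses a constructed unbound.conf fragment and reports which forward-zones would still forward in plaintext.

```python
import re

# Constructed sample in unbound.conf syntax (not an OPNsense-generated file):
# the root zone names @853 resolvers but never enables TLS, which is the
# situation the original post suspected.
SAMPLE_CONF = """\
server:
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
forward-zone:
    name: "corp.example"
    forward-addr: 10.0.0.53
"""

def parse_clauses(text):
    """Split unbound.conf text into (clause_name, [(key, value), ...]) in order."""
    clauses, current = [], None
    for raw in text.splitlines():
        # Strip comments, but only a '#' at line start or after whitespace:
        # "addr@853#authname" is Unbound's TLS auth-name syntax, not a comment.
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if not line.strip():
            continue
        m = re.match(r"^(\S+):\s*(.*)$", line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if not line[0].isspace() and value == "":
            current = (key, [])          # unindented "server:" / "forward-zone:" header
            clauses.append(current)
        elif current is not None:
            current[1].append((key, value))
    return clauses

def check_upstream_tls(text):
    """Return {zone_name: bool} saying whether each forward-zone will use TLS."""
    clauses = parse_clauses(text)
    global_tls = any(k == "tls-upstream" and v == "yes"
                     for name, opts in clauses if name == "server" for k, v in opts)
    result = {}
    for name, opts in clauses:
        if name != "forward-zone":
            continue
        zone = dict(opts).get("name", "?")
        zone_tls = any(k == "forward-tls-upstream" and v == "yes" for k, v in opts)
        result[zone] = global_tls or zone_tls
    return result

def plaintext_zones(text):
    """Names of forward-zones whose queries would leave the resolver unencrypted."""
    return sorted(z for z, tls in check_upstream_tls(text).items() if not tls)
```

Run it against the config Unbound actually loads (the files included from unbound.conf), not against the GUI fields; a zone listed with @853 but without either TLS option is exactly the case this reports.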