So I am trying to get DNS over TLS to work, and I must be going wrong somewhere, so I am seeking a bit of guidance.
I really wish there was a proper guide somewhere but there are so many little ways to do things.
Bit of background: I run Dual WAN, so I have set up the rule for DNS as per the guide for that.
Ok first: SYSTEM: SETTINGS: GENERAL
I left DNS servers blank
Unticked Allow DNS server list to be overridden by DHCP/PPP on WAN
Unticked Do not use the local DNS service as a nameserver for this system
And I did tick Allow default gateway switching (due to dual wan)
Next DNS:
SERVICES: UNBOUND DNS: GENERAL
(https://i.ibb.co/bvPxL1d/Screenshot-2021-11-24-at-08-36-43.png)
SERVICES: UNBOUND DNS: DNS OVER TLS
I used 9.9.9.9 for IP
853 for Port
dns.quad9.net for CN Hostname
FIREWALL: RULES: LAN
IPv4 TCP/UDP * * 10.0.0.1 53 (DNS) * * Local Route DNS
As per the Dual WAN guidance.
I did try to clone this rule and use port 853 but to no avail.
If I use https://tenta.com/test/ or https://1.1.1.1/help
Both say DNS over TLS NO
So I'm wondering where in my setup is it incorrect that DNS over TLS doesn't engage?
I have DoT set up differently but I have the same results on 1.1.1.1 help for the last few weeks. I thought it might be a problem on their side because if I test on dnsleaktest I can see the correct DNS servers for the providers I've chosen.
On Cloudflare it tells me I'm not using DoT but I can see on my network they are on TLS. Also command-line tool checks confirm I'm using it.
https://forum.opnsense.org/index.php?topic=24642.0 ?
That explains my experience and now I know why. Thanks Fright.
Quote from: Fright on November 24, 2021, 02:08:16 PM
https://forum.opnsense.org/index.php?topic=24642.0 ?
Thanks makes sense now.