Hello,
I had my OPNsense firewall at home running nicely until we had a power cut and the M.2 drive failed. I replaced it, installed the latest OPNsense, restored my config, and was back online in no time really.
The only thing I can't remember how I get working is my NextDNS.
A rebuild would have lost my local changes. The notes I have are below. Are they still the valid way to get this working again?
Created a file called nextdns.conf in /var/unbound/etc
server:
    # CA bundle used to verify the upstream certificate against the #hostname below
    tls-cert-bundle: /etc/ssl/cert.pem

forward-zone:
    name: "."
    forward-tls-upstream: yes
    # format: <ip>#<auth name>; the name selects the NextDNS profile and is used for TLS verification
    forward-addr: 45.90.28.0#e6f5fx.dns1.nextdns.io
    forward-addr: 2a07:a8c0::#e6f5fx.dns1.nextdns.io
    forward-addr: 45.90.30.0#e6f5fx.dns2.nextdns.io
    forward-addr: 2a07:a8c1::#e6f5fx.dns2.nextdns.io
Make sure the file owner is unbound and that it has the same rights as the other files.
chown unbound nextdns.conf
not sure, but check https://docs.opnsense.org/manual/unbound.html?highlight=unbound#advanced-configurations for the correct path of that nextdns.conf
Huh, why not add the servers to Services: Unbound DNS: DNS over TLS and be done with it? :)
Cheers,
Franco
Because the GUI doesn't allow entry in the format required to identify the NextDNS configuration profile, which is <next.dns.ip>#<next_dns_profile_id>.dnsX.nextdns.io, such as "45.90.28.0#e6f5fx.dns1.nextdns.io" in the above example.
Best regards,
Maciek
The ability to do that custom DNS over TLS configuration via the GUI was added last year with the hostname field. I have been using it since it was added and have had no issues with NextDNS. Just set the hostname to <client identifier>-<next_dns_profile_id>.dnsX.nextdns.io.
You are right. I tried following the NextDNS instructions and overlooked the additional fields in the OPNsense GUI. Sorry for the confusion.
Best regards,
Maciej
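The "IP#hostname" form discussed above (both in the nextdns.conf snippet and in the GUI hostname field) means: connect to the IP, but present the hostname as TLS SNI and verify the server certificate against that hostname. The following is an added example, not code from the thread, from OPNsense or from NextDNS; it performs one DNS-over-TLS query (RFC 7858) the same way Unbound does for a `forward-addr: ip#name` line, so you can confirm from a shell that a given profile hostname is accepted by the upstream before trusting the forwarder. The profile id e6f5fx, the 45.90.28.0 address and the /etc/ssl/cert.pem bundle path are taken from the thread as placeholders; the `dot_query` helper name and the wire-format sample used for the offline check are this example's own.

```python
# Added example: authenticated DNS-over-TLS probe mirroring Unbound's "ip#authname".
import socket
import ssl
import struct


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query in RFC 1035 wire format (RD set, no EDNS)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        struct.pack("B", len(label)) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_response(msg: bytes, expected_txid: int):
    """Return (rcode, [A/AAAA rdata as text]) from a DNS response message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F

    def skip_name(off: int) -> int:
        # Walk labels; a 0xC0 prefix is a compression pointer (2 bytes total).
        while True:
            length = msg[off]
            if length == 0:
                return off + 1
            if length & 0xC0 == 0xC0:
                return off + 2
            off += 1 + length

    off = 12
    for _ in range(qd):
        off = skip_name(off) + 4          # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        off = skip_name(off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntop(socket.AF_INET, rdata))
        elif rtype == 28 and rdlen == 16:
            answers.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return rcode, answers


def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed the connection early")
        buf += chunk
    return buf


def dot_query(ip: str, auth_name: str, qname: str,
              cafile: str = "/etc/ssl/cert.pem", port: int = 853, timeout: float = 5.0):
    """Query <qname> over TLS at <ip>, authenticating the server as <auth_name>.

    This is the Unbound semantics of "forward-addr: <ip>#<auth_name>" with
    tls-cert-bundle set: the chain is checked against the bundle and the
    certificate must match auth_name, never the bare IP.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    txid = 0x4242
    query = build_query(qname, txid=txid)
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        # server_hostname sets SNI, which is how NextDNS learns the profile id,
        # and is also the name the certificate is verified against.
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(struct.pack("!H", len(query)) + query)   # RFC 7858 length prefix
            length = struct.unpack("!H", recv_exact(tls, 2))[0]
            return parse_response(recv_exact(tls, length), txid)


if __name__ == "__main__":
    # Placeholder values from the thread; replace e6f5fx with your own profile id.
    print(dot_query("45.90.28.0", "e6f5fx.dns1.nextdns.io", "example.com"))
```

If the certificate does not match the hostname you pass, `wrap_socket` raises `ssl.SSLCertVerificationError` instead of returning an answer, which is the behaviour you want from the forwarder as well: a `forward-addr` line with `#hostname` but no `tls-cert-bundle` (or `tls-system-cert`) in Unbound still encrypts the session but does not authenticate the upstream, so keep the bundle line in place whether you use the file or the GUI.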