OPNsense Forum

English Forums => General Discussion => Topic started by: tabsats on December 21, 2023, 07:11:05 PM

Title: DNS over TLS via Unbound - Leaking?!
Post by: tabsats on December 21, 2023, 07:11:05 PM
Hi all, I am struggling with an issue I wasn't able to solve for myself for months, and I am not sure if it even is an issue.

I am trying to use the DNS over TLS feature within the Unbound settings. There I have entered the details for nextdns, and that works so far. All external DNS is going through nextdns and is logged there properly.

The problem I face is that I am not sure if the DNS is also leaking to other DNS servers. I use dnscheck.tools to see which DNS servers are used, and there I see the nextdns servers but also many different other ones. I am wondering if those are a result of Unbound recursions or real leaks?!

Would be glad if one of our experts here could provide some tips for me.

Attached are screenshots of my setup (couldn't figure out how to include them in the text).
Title: Re: DNS over TLS via Unbound - Leaking?!
Post by: tabsats on December 25, 2023, 11:47:55 AM
Not sure if you are able to look at the uploaded screenshots; I had to convert them into a smaller format so that I could post them, due to the requirement of very small file sizes here... or maybe my post is not clear enough?
Title: Re: DNS over TLS via Unbound - Leaking?!
Post by: DEC670airp414user on December 25, 2023, 11:55:44 AM
Hostname should contain:

your ID.dns.nextdns.io, not what you have listed.

Local zone is changed to static?

General DNS servers should still have a backup DNS server there, according to the manual.

When you log in to the NextDNS page, does it show your IP synced and say you are using their service?
Title: Re: DNS over TLS via Unbound - Leaking?!
Post by: tabsats on December 25, 2023, 12:01:39 PM
Quote from: DEC670airp414user on December 25, 2023, 11:55:44 AM
Hostname should contain:

your ID.dns.nextdns.io, not what you have listed.

The hostname was created according to the instructions on NextDNS. I just added the name of my firewall at the beginning to see that it is really my device... I have only concealed my ID for this forum.

Quote from: DEC670airp414user on December 25, 2023, 11:55:44 AM
Local zone is changed to static?

Yes.

Quote from: DEC670airp414user on December 25, 2023, 11:55:44 AM
When you log in to the NextDNS page, does it show your IP synced and say you are using their service?

Yes, I can see on mynextdns.io that it works.

Quote from: DEC670airp414user on December 25, 2023, 11:55:44 AM
General DNS servers should still have a backup DNS server there, according to the manual.

Can I put the Unbound internal DNS there, or does it have to be a public one?
Edit: I have just used the standard IPs from the mynextdns dashboard and it seems it has fixed the issue. Still don't understand why... I don't want to use them??
Edit 2: Other DNS servers just popped up again. This didn't solve it; I didn't understand why it would anyway...
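One check a defender can run before chasing the resolvers that dnscheck.tools reports is to audit the forward-zone stanzas Unbound actually loads: a zone without forward-tls-upstream or with a forwarder on port 53 sends queries in plaintext, a forwarder without a #auth-name skips certificate verification, and without a catch-all "." zone every name not covered by a forward-zone is resolved recursively from the firewall's own WAN address. The script below is an added example, not code from the thread or from OPNsense; the configuration text is constructed, with RFC 5737/3330-style placeholder addresses and a placeholder NextDNS ID.

```python
"""Audit Unbound forward-zone stanzas for plaintext or unverified DoT forwarding."""

# Constructed sample in the shape of an unbound.conf; the addresses and the
# example-id profile name are placeholders, not a real deployment.
SAMPLE_CONF = """
server:
    tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.1@853#example-id.dns.nextdns.io
forward-zone:
    name: "internal.example"
    forward-addr: 198.51.100.7
"""

def parse_forward_zones(text):
    """Return one dict per forward-zone stanza: name, tls flag, forward-addr list."""
    zones, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # full-line comments only
            continue                               # ('#' inside forward-addr is the auth name)
        if line.startswith("forward-zone:"):
            cur = {"name": None, "tls": False, "addrs": []}
            zones.append(cur)
        elif line.endswith(":"):                   # any other top-level clause (server:, etc.)
            cur = None
        elif cur is not None and ":" in line:
            key, val = (p.strip() for p in line.split(":", 1))
            if key == "name":
                cur["name"] = val.strip('"')
            elif key == "forward-tls-upstream":
                cur["tls"] = val.lower() == "yes"
            elif key == "forward-addr":
                cur["addrs"].append(val)
    return zones

def audit(text):
    """Return human-readable findings; an empty list means all forwarding is DoT-only."""
    zones, findings = parse_forward_zones(text), []
    if not any(z["name"] == "." for z in zones):
        findings.append("no catch-all '.' forward-zone: unforwarded names are resolved recursively")
    for z in zones:
        if not z["tls"]:
            findings.append(f"zone {z['name']!r}: forward-tls-upstream is not yes (plaintext port 53)")
        for a in z["addrs"]:
            port = a.split("@", 1)[1].split("#", 1)[0] if "@" in a else "53"
            if port != "853":
                findings.append(f"zone {z['name']!r}: {a} uses port {port}, not 853")
            if z["tls"] and "#" not in a:
                findings.append(f"zone {z['name']!r}: {a} has no auth name, certificate is not verified")
    return findings
```

Run it against the generated configuration on the firewall (Services > Unbound DNS shows the file path in the advanced settings); anything it flags is a place where queries can bypass the DoT forwarders regardless of what the dashboard reports. Client-side bypasses (devices with hard-coded resolvers, browsers using DoH) will not show up here and need to be checked at the firewall rules instead.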