Hi all,
I have OPNsense. Do you think it's worth me enabling DNS over TLS? Is it really more secure?
Also, what guide should I follow?
https://www.dnsknowledge.com/unbound/opnsense-set-up-and-configure-dns-over-tls-dot/
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-dot-on-opnsense
Thanks,
Rob
It's a tricky one, I read many users saying they are happy for Unbound to do the job as they don't care whether or not their ISP can see the DNS queries, but personally I do use DoT with Quad9.
Have a look at the official guide here: https://docs.opnsense.org/manual/unbound.html#dns-over-tls
I suggest doing a lot of research before making up your mind.
You have to decide if you trust your ISP or e.g. Google, Cloudflare or Quad9 ...
My ISP is German Telekom, bound by EU customer protection and privacy legislation including GDPR so why should I hand my DNS requests to a US based company on a silver platter?
Your call - there is no such thing as "more secure". If you are living in a country with an oppressive authoritarian regime, things probably look way different for you than for me.
Quote from: Patrick M. Hausen on December 14, 2024, 02:29:39 PM
My ISP is German Telekom, bound by EU customer protection and privacy legislation including GDPR so why should I hand my DNS requests to a US based company on a silver platter?
Then Quad9 should be fine as they are based in Switzerland.
...not to mention there are several other DNS-over-TLS providers with a better track record for privacy...
@chemlud I'd be interested to hear more re Quad9 as I'm rethinking my DNS strategy.