OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: chocolatecake on November 23, 2018, 12:37:36 pm

Title: Using the dis-crypt plugin
Post by: chocolatecake on November 23, 2018, 12:37:36 pm

Hi,

I've installed the latest devel and the dns-crypt plugin which is great to see.

Are there any guides for configuring it yet?

If not I'm happy to try and write one up, I just probably need a few pointers! Is it best to use it with unbound-dns or BIND? I'd like to include my dhcp static and leases in the local zone and also use some of the adware lists - hence I'm not sure if BIND is suitable.

Any pointers would be much appreciated, happy to input with a "user guide" if that will help.

Title: Re: Using the dis-crypt plugin
Post by: mimugmail on November 23, 2018, 02:55:59 pm

Using with Unbound you should use a forwarding like described here at the bottom:

https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/

For the beginning I'd just enable the service and create a port forward that source and destinationy any, port 53/udp is forwarded to localhost port 5353.

Then you are using dnscrypt for all.

Blacklists are currently not implemented yet, only cloaking/overrides and forwarding.

Title: Re: Using the dis-crypt plugin
Post by: chocolatecake on November 25, 2018, 01:57:26 pm

Thanks. I did try using the NAT rules but I can't seem to get it to work correctly. When I do a leak test I'm still seeing my ISP's DNS servers.

Is there a log file for the plugin? I looked in /var/log but couldn't see anything obvious...

Title: Re: Using the dis-crypt plugin
Post by: mimugmail on November 25, 2018, 05:24:24 pm

They are in etc folder of the plugin