OPNsense Forum

English Forums => Development and Code Review => Topic started by: opnsenseuser on January 28, 2019, 09:51:17 am

Title: DNS over TLS - Tutorial ?
Post by: opnsenseuser on January 28, 2019, 09:51:17 am
is there any working tutorial for unbound?
Do i need to explicitly block the port 53 ?
Do i need a nat rule ?
How can i test if this is 100% working ?

i found several tutorials. what is the actually best working solution?

thx
regards
rené

P.S. sorry wrong Forum. should be in tutorials! :-)
Title: Re: DNS over TLS - Tutorial ?
Post by: opnsenseuser on January 28, 2019, 10:50:46 am
this is the newest tutorial i found:

https://stafwag.github.io/blog/blog/2018/12/09/configure-dns-tls-on-opnsense/

is this configuration 100% safe?

regards
rené
Title: Re: DNS over TLS - Tutorial ?
Post by: opnsenseuser on January 28, 2019, 05:03:21 pm
this tutorial works for me, but how do i prevent traffic over port 53?
Title: Re: DNS over TLS - Tutorial ?
Post by: opnsenseuser on January 28, 2019, 05:41:26 pm
if there is any traffic on port 53 one of your clients is not using your opnsense dns
Code:
tcpdump -i wan_interface udp port 53
Check for working DNS over TLS
Code:
tcpdump -i vr1 tcp port 853
i think it works! :-)

@fabian would be great if you could move this to tutorials! regards rené
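
One way to turn the two tcpdump checks above into a single pass/fail result, as an added example that is not part of any post in this thread: it reads `tcpdump -n` text output taken on the WAN side and counts queries sent to port 53 versus port 853 per upstream address. The function names `dns_summary` and `sample_capture`, the `<wan_if>` placeholder and the capture filter are assumptions, and the sample lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example. Usage on the firewall (replace <wan_if> with your own WAN interface):
#   tcpdump -n -l -c 200 -i <wan_if> 'port 53 or tcp port 853' | dns_summary
# Exit status is 1 if any packet was sent to port 53, otherwise 0.

dns_summary() {
    awk '
    # tcpdump -n lines look like: TIME IP src.port > dst.port: ...
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)           # strip the trailing colon
        n = split(dst, part, ".")
        port = part[n]                          # last dot-separated field is the port
        host = substr(dst, 1, length(dst) - length(port) - 1)
        if (port == "53")       { plain[host]++; np++ }   # unencrypted query
        else if (port == "853") { dot[host]++;   nd++ }   # DNS over TLS
    }
    END {
        for (h in plain) printf "PLAINTEXT %s %d\n", h, plain[h]
        for (h in dot)   printf "DOT %s %d\n", h, dot[h]
        printf "SUMMARY plaintext=%d dot=%d\n", np, nd
        exit (np > 0)
    }'
}

# Constructed sample capture: one plaintext query with its reply, and one
# DNS over TLS session. Replies are ignored because only destination ports count.
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP 203.0.113.7.51234 > 198.51.100.53.53: 4660+ A? example.com. (29)
12:00:01.020001 IP 198.51.100.53.53 > 203.0.113.7.51234: 4660 1/0/0 A 192.0.2.10 (45)
12:00:02.000001 IP 203.0.113.7.40112 > 192.0.2.1.853: Flags [P.], seq 1:120, ack 1, win 512, length 119
12:00:02.030001 IP 192.0.2.1.853 > 203.0.113.7.40112: Flags [.], ack 120, win 512, length 0
12:00:03.000001 IP 203.0.113.7.40112 > 192.0.2.1.853: Flags [P.], seq 120:240, ack 1, win 512, length 120
EOF
}

# Stand-alone run on the constructed sample.
sample_capture | dns_summary || echo "plaintext DNS seen on WAN"
```

A PLAINTEXT line on the WAN names the upstream address that a resolver or client still reaches without TLS; the same summary run on a LAN-side capture shows which clients bypass the firewall's resolver.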
Title: Re: DNS over TLS - Tutorial ?
Post by: oscarr on July 26, 2020, 09:48:15 pm
I'm not sure if it works, because in my case:
Code:
tcpdump -i vr1 tcp port 853
(BIOCSETIF failed: Device not configured)