OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: GreenMatter on June 23, 2020, 10:25:04 am

Title: Unbound DoT - still recursive?
Post by: GreenMatter on June 23, 2020, 10:25:04 am
After installing os-unbound-plus I can set a list of nameservers (i.e. 9.9.9.9@853) to use for DoT. When this is done, is unbound still a recursive DNS server?
Title: Re: Unbound DoT - still recursive?
Post by: RFGuy_KCCO on June 24, 2020, 03:34:11 pm
No, it is simply a Forwarder if you are forwarding all your DNS queries to a DoT provider.
Title: Re: Unbound DoT - still recursive?
Post by: GreenMatter on June 25, 2020, 10:50:44 am
Thanks. Thus either DoT or recursive DNS...
DoT should protect against DNS poisoning and ISP spying, and recursive DNS could be more about securing your privacy (querying DNS servers in a "cascade" manner); am I right?
Title: Re: Unbound DoT - still recursive?
Post by: crt333 on June 29, 2020, 03:26:29 pm
I tried something yesterday that seems to give good DNS privacy. I always have a VPN tunnel open to a public VPN connection, which is required for this. So, I configure DoT using os-unbound-plus (really nice plugin), then I configure unbound so that the outbound requests go over the VPN tunnel. The ISP can't see DNS queries because they go over the VPN, the VPN provider can't see DNS queries because of DoT, and the DNS server only gets my public VPN address, so really any DoT DNS provider can be used.
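Putting the two answers together as a hand-written example that is not from the thread or from the os-unbound-plus plugin: an unbound.conf fragment that forwards everything over DoT (the forwarder RFGuy_KCCO describes) and sources the upstream traffic from a VPN tunnel address (crt333's setup). The tunnel address 10.8.0.2 and the two file paths are assumptions; 9.9.9.9@853 is the server from the original question.

```conf
# Added example, not the plugin's generated config. 10.8.0.2 and both file
# paths are assumed placeholders; adjust them to the local system.
server:
    # Verify the upstream's TLS certificate against the system CA bundle.
    # Without this, forward-tls-upstream still encrypts the session but does
    # not authenticate the server, so the "protects against poisoning" claim
    # only holds when the certificate is actually checked.
    tls-cert-bundle: /etc/ssl/cert.pem

    # crt333's variant: send all upstream queries from the VPN tunnel address
    # so they leave through the tunnel instead of the ISP uplink (assumed IP).
    outgoing-interface: 10.8.0.2

    # A forwarder can still validate DNSSEC on the answers it receives; keep
    # the trust anchor so a misbehaving upstream cannot hand back forged data.
    auto-trust-anchor-file: /var/unbound/root.key

# A forward-zone for "." sends every query not answered from cache or a local
# zone to the listed servers. This is exactly what turns Unbound into a
# forwarder: it no longer walks the tree from the root servers itself.
# Removing this stanza returns it to full recursion.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # @853 is the DoT port; the text after '#' is the name that must appear in
    # the server certificate. Quad9 publishes dns.quad9.net for these addresses.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

The trade-off in the thread is visible in the file: with the forward-zone present Unbound is a DoT forwarder, without it Unbound is a recursive resolver, and Unbound does not do both for the same zone at once.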