OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: 9ck on March 09, 2023, 12:09:48 pm

Title: DNS over TLS - Verified that unsigned response is INSECURE
Post by: 9ck on March 09, 2023, 12:09:48 pm

Hi forum
New to OPNsense and DNS over TLS. I get this line in my logfile under debug "[92375:3] info: Verified that unsigned response is INSECURE" and I'm not sure what to make of this "warning".

In > Unbound DNS > DNS over TLS, I've setup and enabled two services.
Enabled: Checked
Domain: Blank
Address: 1.1.1.2 and 1.0.0.2 (respectively)
Port: 853
Hostname: security.cloudflare-dns.com

In > Unbound DNS > General
Enabled: Checked
Listen port: 53
Network Interfaces: All
DNSSEC: Checked
IPv6 Link-local: Checked

In > Unbound DNS > Advanced
Harden DNSSEC Data: Checked
Log Queries: Checked
Log Level Verbosity: Level 2

In > Services > DHCPv4 and the respective LAN and VLANs
DNS Servers: Blank

In > System > Settings > General
DNS Servers: Blank

Am I missing something? Whats causing this promp in the log?

Title: Re: DNS over TLS - Verified that unsigned response is INSECURE
Post by: Fright on March 09, 2023, 06:24:53 pm

Hi
it means that DNSSEC support is enabled in unbound and the queried domain is unsigned (not an error. just info)

Title: Re: DNS over TLS - Verified that unsigned response is INSECURE
Post by: 9ck on March 10, 2023, 11:06:56 am

Thanks Fright. I'm admittedly in over my head sometimes... :)