OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: chemlud on July 21, 2017, 11:35:26 am

Title: Unbound - DNS via TLS?
Post by: chemlud on July 21, 2017, 11:35:26 am
Hi everybody!

Recently I read something about Unbound starting to support DNS via TLS, to stop providers and everyone else on the net from knowing which pages are used by whom on the internet.

Are there any plans to make this feature available in the near future in the OPNsense GUI? Is this even possible any time soon?

Would like to know about that crucial privacy feature!

Many thanks in advance

Title: Re: Unbound - DNS via TLS?
Post by: franco on July 24, 2017, 07:40:50 pm
Hi chemlud,

Couldn't find any substantial description of how to use it. Do you have a fitting link?


Thanks,
Franco
Title: Re: Unbound - DNS via TLS?
Post by: fabian on July 24, 2017, 09:21:19 pm
The thing I can find is ssl-service-key on https://www.unbound.net/documentation/unbound.conf.html
Title: Re: Unbound - DNS via TLS?
Post by: tillsense on July 25, 2017, 07:11:32 am
Hi all,

here is a quick tut: https://calomel.org/unbound_dns.html
see section: DNS Over TLS, simple recursive caching DNS, TCP port 853 ENCRYPTED

cheers till
Title: Re: Unbound - DNS via TLS?
Post by: chemlud on October 26, 2017, 11:53:39 am
...any news/plans on that?

https://www.golem.de/news/dns-ueber-tls-google-bringt-sichere-dns-abfragen-in-developer-android-1710-130827.html

:-)
Title: Re: Unbound - DNS via TLS?
Post by: Nnyan on November 15, 2017, 08:59:19 pm
This would be really nice to have.
Title: Re: Unbound - DNS via TLS?
Post by: chemlud on November 16, 2017, 02:30:37 pm
...starting to get interesting?

https://www.heise.de/newsticker/meldung/Quad9-Datenschutzfreundliche-Alternative-zum-Google-DNS-3890741.html

"Quad9 is the first major resolver network ever to let users encrypt their DNS queries via TLS."
Title: Re: Unbound - DNS via TLS?
Post by: franco on November 16, 2017, 03:01:48 pm
We can try a patch next week, yet I am fairly certain this will be one hell of a support nightmare if we switch system DNS servers to only work with TLS as it requires the two DNS checkboxes to be set like this: do not override DNS servers, use resolver / forwarder for this firewall.

And better yet, not using these exact values will cause DNS leaks, which is a weird point as we are trading security for privacy or vice versa. It’s a strange world we live in. ;)


Cheers,
Franco
Title: Re: Unbound - DNS via TLS?
Post by: xayide on January 04, 2018, 05:26:18 pm
What happened to this, does it work yet?
Title: Re: Unbound - DNS via TLS?
Post by: loredo on April 02, 2018, 01:07:18 am
https://1.1.1.1
Title: Re: Unbound - DNS via TLS?
Post by: franco on April 04, 2018, 07:59:33 am
Works, but not integrated into the GUI yet. Need to use advanced settings:

https://forum.opnsense.org/index.php?topic=7811.0


Cheers,
Franco