OPNsense Forum

English Forums => General Discussion => Topic started by: csmall on April 04, 2018, 04:02:59 am

Title: Cloudflare DNS over TLS with Unbound
Post by: csmall on April 04, 2018, 04:02:59 am
Looking at this article https://www.netgate.com/blog/dns-over-tls-with-pfsense.html?utm_campaign=DNSoverTLS&utm_content=69532200&utm_medium=social&utm_source=twitter

I enabled Unbound and added the custom settings from this article to enable DNS over TLS on 1.1.1.1 and 1.0.0.1.

It seemed to work fine for a short period of time and then I start getting these errors and the unbound service stops running.

unbound: [58716:1] notice: ssl handshake failed 1.1.1.1 port 853

unbound: [58716:1] error: ssl handshake failed crypto error:140020B5:SSL routines:CONNECT_CW_CLNT_HELLO:no ciphers available

Is anyone using Cloudflare DNS over TLS successfully?

Title: Re: Cloudflare DNS over TLS with Unbound
Post by: opnfwb on April 05, 2018, 11:32:33 pm
Cloudflare is having issues presently with TLS. I'm using Quad9 DNS TLS and it's been working.

https://community.cloudflare.com/t/1-1-1-1-was-working-but-not-anymore/15136

Title: Re: Cloudflare DNS over TLS with Unbound
Post by: lambrusco on April 07, 2018, 05:02:04 pm
Had the same issue, I used the following parameters in the custom options field and then it worked.

Code:
server:
forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
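
Added example, not from any poster in this thread: the options posted above encrypt the forwarded queries, but without a CA bundle and an authentication name Unbound cannot verify which server it is talking to. The variant below adds both. It assumes an Unbound build that supports `tls-cert-bundle` and the `#auth-name` suffix; the bundle path and the certificate name `cloudflare-dns.com` are assumptions to check against your own system and the resolver's certificate.

```conf
server:
    # CA bundle used to validate the upstream certificate.
    # Assumed path: point this at the trust store on your firewall.
    tls-cert-bundle: "/etc/ssl/cert.pem"

forward-zone:
    name: "."
    # Same effect as forward-ssl-upstream in the post above (newer spelling).
    forward-tls-upstream: yes
    # Format is IP@port#auth-name. The name after '#' must match the
    # certificate the server presents; if it is left out, any name is accepted.
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```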