Messages - Ronin

#1
Hi all

I am new to OPNsense and Unbound. I want to use NextDNS for DNS over TLS.

The below config is what is on the NextDNS website.

Use the following in unbound.conf:


  forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 45.90.28.0#e78da1.dns1.nextdns.io
    forward-addr: 2a07:a8c0::#e78da1.dns1.nextdns.io
    forward-addr: 45.90.30.0#e78da1.dns2.nextdns.io
    forward-addr: 2a07:a8c1::#e78da1.dns2.nextdns.io


But after I input that in Unbound's Custom options box and click save and apply, I lose my DNS connection (can't even go to google.com).

Here is the log:

020-09-03T12:13:49 unbound[2080] [2080:2] info: 192.168.1.141 zb7dq19nvmq-e78da1.test.nextdns.io. A IN
2020-09-03T12:13:49 unbound[2080] [2080:3] info: 192.168.1.141 zb7dq19nvmq-e78da1.test.nextdns.io. A IN
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.28.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.30.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.28.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.30.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.28.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.30.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c0:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c0:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c1:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c1:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c1:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c1:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.30.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.30.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c1:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c0:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.28.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c0:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: for addr 2a07:a8c0:: port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: no TCP outgoing interfaces of family
2020-09-03T12:13:49 unbound[2080] [2080:3] notice: ssl handshake failed 45.90.28.0 port 853
2020-09-03T12:13:49 unbound[2080] [2080:3] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2020-09-03T12:13:49 unbound[2080] [2080:3] info: 192.168.1.141 zb7dq19nvmq-e78da1.test.nextdns.io. A IN
2020-09-03T12:13:49 unbound[2080] [2080:0] info: start of service (unbound 1.11.0).



But if I put in the following, it works fine.

server:
forward-zone:
  name: "."
  forward-ssl-upstream: yes
  forward-addr: 9.9.9.9@853 #Quad9 ip4
  forward-addr: 149.112.112.112@853 #Quad9 ip4
  forward-addr: 2620:fe::fe@853 #Quad9 ip6
  forward-addr: 1.1.1.1@853 #Cloudflare ip4
  forward-addr: 1.0.0.1@853 #Cloudflare ip4
  forward-addr: 2606:4700:4700::1111@853 #Cloudflare ip6
  forward-addr: 2606:4700:4700::1001@853 #Cloudflare ip6


Can anyone please help me? I really want to use NextDNS because of a lot of the features they have on their WebUI.

Many thanks
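
The two configurations in the post above, checked by a small linter (an added example, not part of the original post and not OPNsense, Unbound or NextDNS code). It relies on Unbound's documented behaviour that a `#name` suffix on `forward-addr` turns on certificate checking against the CA certificates loaded with `tls-cert-bundle`. The function names, finding labels and the `/path/to/ca-bundle.pem` placeholder are assumptions, and other ways of loading CA certificates, such as `tls-win-cert`, are not considered.

```python
import re

def parse_unbound(text):
    """Parse unbound.conf-style text into (server options, list of forward zones)."""
    server, zones, section = {}, [], None
    for raw in text.splitlines():
        # '#' at line start or after whitespace begins a comment; '#' glued to an
        # address (ip#name) is the TLS authentication name and must be kept.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if key == "server" and not value:
            section = server
        elif key == "forward-zone" and not value:
            section = {}
            zones.append(section)
        elif line and section is not None:
            section.setdefault(key, []).append(value)
    return server, zones

def lint(text):
    """Return (upstream, finding) pairs for TLS forwarders that cannot be authenticated."""
    server, zones = parse_unbound(text)
    findings = []
    for zone in zones:
        # forward-ssl-upstream is the older spelling of forward-tls-upstream.
        if "yes" not in zone.get("forward-tls-upstream", []) + zone.get("forward-ssl-upstream", []):
            continue
        for addr in zone.get("forward-addr", []):
            upstream, _, auth_name = addr.partition("#")
            if not auth_name:
                findings.append((upstream, "tls-without-auth-name"))  # encrypted, peer not verified
            elif not server.get("tls-cert-bundle"):
                findings.append((upstream, "auth-name-without-ca-bundle"))  # handshake will fail
    return findings

# Constructed inputs: the first two are trimmed from the post, the third is a hypothetical fix.
NEXTDNS_AS_POSTED = """forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#e78da1.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#e78da1.dns1.nextdns.io
"""
QUAD9_AS_POSTED = """server:
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 9.9.9.9@853 #Quad9 ip4
"""
WITH_CA_BUNDLE = 'server:\n  tls-cert-bundle: "/path/to/ca-bundle.pem"\n' + NEXTDNS_AS_POSTED
```

`lint(NEXTDNS_AS_POSTED)` flags every upstream as `auth-name-without-ca-bundle`, which lines up with the `certificate verify failed` entries in the log. `lint(QUAD9_AS_POSTED)` flags the forwarder as `tls-without-auth-name`: the connection is encrypted but the server certificate is not checked against a name.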