Show Posts
1
Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6
« on: November 12, 2020, 02:48:22 pm »
Hi guys,
I have OPNSense installed as a VM in a Proxmox homelab test server for the purpose of trial and error (the first error is that the PC only has one physical NIC).
I setup Unbound and DNSCrypt as described in this excellent HowTo. Now to the odd behaviour:
If I use the automatic DNS option for a client, I get the expected ISP running a dnsleaktest.com extended test and if I set a DNS like the fallback resolver specified in DNSCrypt, then I get that.
However, if I set the OPNSense VM as the sole DNS then nothing will be resolved. Yet, if I specify a second DNS name server, like the one used as fallback resolver, then I do get DNScrypt results. Even more strange, I don't exclusively get DNSCrypt name server, but also the odd amazon, google and similar?!?
Running "dnscrypt-proxy -resolve opnsense.org" and "unbound-host opnsense.org" don't return anything unexpected.
Has anyone seen that before and/or any idea how to solve it?
I am new to the topic and any help and advise would be much appreciated.
I have OPNSense installed as a VM in a Proxmox homelab test server for the purpose of trial and error (the first error is that the PC only has one physical NIC).
I setup Unbound and DNSCrypt as described in this excellent HowTo. Now to the odd behaviour:
If I use the automatic DNS option for a client, I get the expected ISP running a dnsleaktest.com extended test and if I set a DNS like the fallback resolver specified in DNSCrypt, then I get that.
However, if I set the OPNSense VM as the sole DNS then nothing will be resolved. Yet, if I specify a second DNS name server, like the one used as fallback resolver, then I do get DNScrypt results. Even more strange, I don't exclusively get DNSCrypt name server, but also the odd amazon, google and similar?!?
Running "dnscrypt-proxy -resolve opnsense.org" and "unbound-host opnsense.org" don't return anything unexpected.
Has anyone seen that before and/or any idea how to solve it?
I am new to the topic and any help and advise would be much appreciated.