Messages

1

General Discussion / DNS redirect best practice

« on: May 19, 2024, 03:19:04 pm »

I have Opnsense and AdGuard Home (AGH) set up as a plugin on the same machine. Currently, I'm redirecting DNS queries from Opnsense Unbound to AGH over TLS. However, this setup doesn't provide full query transparency from the device to the query.

I'm considering some alternatives:

1. Forwarding the query without TLS.
2. Setting up AGH as the main DNS server and Unbound as a downstream server.
3. Leave it as is

Which setup is more correct or idiomatic in terms of capabilities and network architecture?