Quote from: ceeeeej on March 08, 2025, 12:56:41 AM
I have OPNsense set up with AdGuard Home and Unbound with DNS over TLS.
I was having some trouble getting the Caddy access lists working to restrict some services to my LAN IPs only. To get this all working I had to set up overrides in Unbound that point these URLs back to my Caddy when on my LAN. That is, I set up example.website.com in Caddy, and then in Unbound I had to set up an override to point this URL back to 192.168.1.1 (where Caddy is running on my OPNsense router).
My assumption was that, because they were encrypted with DNS over TLS, the Caddy reverse proxy couldn't intercept them?
Just posting in case anyone has feedback or other ideas here. I was hoping not to have to set these up, but it works now.
Hello
You may no longer be concerned about this, but it could help others in the future.
When using AdGuard with DNS over TLS and LAN IP only, you need to use AdGuard's DNS rewrite.
Go to AdGuard, then the menu Filter > DNS rewrite > Add DNS rewrite.
For "domain name or wildcard", I specified *.mydomain.tld
For "Enter IP address or domain name", I specified the IP address of the Caddy host, so the OPNsense IP address.
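The reason the DNS rewrite (or the Unbound host override) matters for a LAN-only access list is that, without it, a LAN client resolves the public address of the domain; the request then either never reaches Caddy from the LAN side or arrives after NAT reflection with a source address that is not the client's LAN address, so a matcher on the client's LAN IP denies it. The following is an added example written for this thread, not configuration from either poster or from the OPNsense Caddy plugin (which generates its own config from the web UI); it is hand-written Caddyfile syntax and assumes Caddy on the OPNsense box at 192.168.1.1, a LAN subnet of 192.168.1.0/24, a hypothetical backend at 192.168.1.50:8080 and the placeholder name app.mydomain.tld.

```caddyfile
# Added example (not from the thread). Assumed values: LAN 192.168.1.0/24,
# backend 192.168.1.50:8080, placeholder domain app.mydomain.tld.
app.mydomain.tld {
    # Named matcher: only connections whose source address is in the LAN subnet.
    # This only matches LAN clients when the name resolves to the Caddy host's
    # LAN address (192.168.1.1), which is what the AdGuard DNS rewrite or the
    # Unbound host override provides.
    @lan remote_ip 192.168.1.0/24

    handle @lan {
        reverse_proxy 192.168.1.50:8080
    }

    # Anything else, including LAN clients that resolved the public IP and
    # came back in through NAT reflection, is refused.
    handle {
        respond "Forbidden" 403
    }
}
```

To check the DNS side from a LAN client, resolve the name (for example with `nslookup app.mydomain.tld`) and confirm the answer is 192.168.1.1 rather than the public address. The rewrite still works with DNS over TLS upstream because AdGuard answers a rewritten name locally and never forwards that query to the encrypted upstream; the encryption only covers queries that do leave the resolver.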