Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
DNS over TLS Question
« previous
next »
Print
Pages: [
1
]
Author
Topic: DNS over TLS Question (Read 3294 times)
spetrillo
Hero Member
Posts: 721
Karma: 8
DNS over TLS Question
«
on:
May 23, 2020, 03:12:11 am »
I am using the miscellaneous section of Unbound to specify my TLS servers. When I do this I get a msg in the Unbound log that tells me there are duplicate forwarding zones. Is this ok or is it an error. I specified both Cloudflare servers, so I know they both work.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DNS over TLS Question
«
Reply #1 on:
May 23, 2020, 07:03:40 am »
Then you also have one in custum settings?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: DNS over TLS Question
«
Reply #2 on:
May 23, 2020, 07:24:15 am »
I do not...I only have my Plex piece there.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DNS over TLS Question
«
Reply #3 on:
May 23, 2020, 08:34:59 am »
This can also be set in misc section
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: DNS over TLS Question
«
Reply #4 on:
May 23, 2020, 03:53:56 pm »
Ok so i removed everything from custom and have now added plex.direct into misc, as shown in the attached. All good?
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DNS over TLS Question
«
Reply #5 on:
May 23, 2020, 05:06:30 pm »
But you error is still there?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: DNS over TLS Question
«
Reply #6 on:
May 23, 2020, 05:39:14 pm »
Yes I still have the duplicate forward zone msg in the log.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DNS over TLS Question
«
Reply #7 on:
May 23, 2020, 09:01:30 pm »
Can you check /var/unbound/unbound.conf?
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: DNS over TLS Question
«
Reply #8 on:
May 24, 2020, 06:08:15 pm »
So when checking the file I find the following in there:
# Forwarding
forward-zone:
name: "."
forward-addr: 1.1.1.1
forward-addr: 1.0.0.1
This corresponds to my config but is missing the TLS designation? I would have expected to see the @853 also.
Steve
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DNS over TLS Question
«
Reply #9 on:
May 24, 2020, 06:48:16 pm »
This means your Unbound is using your system dns (transparent Mode), which cant work
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: DNS over TLS Question
«
Reply #10 on:
May 24, 2020, 07:12:02 pm »
Hmm...how did this happen and what do I need to change? Under System/Settings I am specifying 1.1.1.1 and 1.0.0.1.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: DNS over TLS Question
«
Reply #11 on:
May 25, 2020, 07:18:58 am »
I'm quite sure you have "DNS Query Forwarding" in Unbound : General enabled. This means Unbound forwards every request to the systems DNS servers. Just disable this checkbox.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: DNS over TLS Question
«
Reply #12 on:
May 25, 2020, 05:01:38 pm »
Thanks for that...yes I had it enabled. It is now unchecked and the duplicate forwarding log msg is now gone.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
DNS over TLS Question