[Solved] CloudFlare / Unbound -> DNS over TLS not working

[solaceza]

Hi,

(Running OPNsense 22.1.1_3-amd64)

I've found that although the WebUI allows for the configuration of DNS over TLS in the Unbound DNS service it's not writing the correct configuration (see attachment for DNS over TLS config)

Checking: /var/unbound/unbound.conf

I found the following:

--snip--
# Forwarding
forward-zone:
    name: "."
        forward-addr: 1.1.1.1
        forward-addr: 1.0.0.1
--snip--

The result is that in the log files my queries are not encrypted and are logged as:

  1.0.0.1@53  (unencrypted)


I attempted to modify the configuration to include the updated correct lines:

--snip--
# Forwarding
forward-zone:
    name: "."
        forward-addr: 1.1.1.1@853#cloudflare-dns.com
        forward-addr: 1.0.0.1@853#cloudflare-dns.com
        forward-tls-upstream: yes
--snip--

The system ran correctly for a period of time (https://cloudflare-dns.com/help/ even returned DoT:Yes) and then seemed to revert the configuration to the incorrect config.

My asks:
1. How do I log a bug for this?
2. Why / how is it reverting the configuration?

Thanks
  S

[solaceza]

UPDATE

I discovered the issue; my Unbound service was configured to use:
 
   DNS Query Forwarding

Which I disabled, this overrides the settings in the DNS over TLS pane.

Posting for others in the future.

Thanks
  S