Topic: DNS over TLS or DNS over HTTPS without certificates question (Read 2196 times)
xPliZit_xs, on: September 03, 2023, 05:18:18 pm
Hi,
I wanted to ask what exactly you get when enabling DNS over TLS/HTTPS on Unbound or AdGuard "without" using SSL certificates.
In AdGuard there is a section to add the certificates in order to enable "encryption".
OK!
But I am able to configure the local DNS server (Unbound or AdGuard) using, let's say, DNS over TLS.
Isn't that already "encryption" when using the TLS protocol? (I assume that the local DNS server establishes encryption (TLS) to the specified remote DNS provider, e.g. 9.9.9.9, and you are dependent on the DNS provider if they honor privacy).
Is this correct?
If you had SSL certificates on the local DNS server, that enables encryption also...
Maurice, Reply #1 on: September 03, 2023, 08:29:20 pm
Are you talking about upstream DoT (Unbound uses DoT to forward queries to other DNS servers) or downstream DoT (hosts in your LANs use DoT to send queries to Unbound)?
Upstream doesn't require adding certificates to Unbound; you only need to specify the CNs of the upstream servers to enable certificate verification.
Downstream requires adding a certificate and matching private key. This is currently not supported via GUI; you have to create a custom include.
Can't say anything about AdGuard.
Cheers
Maurice
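The upstream/downstream split in the reply above can be checked against a plain unbound.conf. This is an added example, not code from the thread or from OPNsense: the sample config, its paths and addresses are constructed, the helper names `parse` and `audit` are hypothetical, and it assumes a single forward-zone per file.

```python
import re

# Constructed sample: one forwarder lacks an auth name, the DoT listener lacks a key.
SAMPLE_CONF = """
server:
    interface: 192.168.1.1@853
    tls-service-pem: "/usr/local/etc/unbound-dot.pem"
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853
"""

def parse(conf):
    """Return (option, value) pairs; clause headers such as 'server:' are skipped."""
    pairs = []
    for raw in conf.splitlines():
        # '#' starts a comment only at line start or after whitespace;
        # inside forward-addr it separates the TLS authentication name.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, sep, value = line.partition(":")
        value = value.strip().strip('"')
        if sep and value:
            pairs.append((key.strip(), value))
    return pairs

def audit(conf):
    pairs = parse(conf)
    opts, findings = dict(pairs), []
    # Upstream (Unbound is the TLS client): no local certificate, but verification
    # needs trusted CAs and a '#name' on every forwarder.
    if opts.get("forward-tls-upstream") == "yes":
        system = "yes" in (opts.get("tls-system-cert"), opts.get("tls-win-cert"))
        if "tls-cert-bundle" not in opts and not system:
            findings.append("upstream: no CA bundle, server certificates are not verified")
        for key, value in pairs:
            if key == "forward-addr" and "#" not in value:
                findings.append(f"upstream: {value} has no #auth-name, certificate name is not checked")
    # Downstream (Unbound is the TLS server): a listener on tls-port needs cert and key.
    tls_port = opts.get("tls-port", "853")
    if any(k == "interface" and v.endswith("@" + tls_port) for k, v in pairs):
        for needed in ("tls-service-pem", "tls-service-key"):
            if needed not in opts:
                findings.append(f"downstream: DoT listener configured but {needed} is missing")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "no findings")
```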
xPliZit_xs, Reply #2 on: September 03, 2023, 10:27:09 pm
I guess that answers my question. Thank you.