DNS over TLS Servers

Started by Ochimo, July 22, 2020, 04:11:34 PM

Would this be an easier way of configuring this instead of altering the stubby file? Just put like 9.9.9.9@853 and DNS over TLS is on?

Unbound can do DoT in 20.7 per GUI configuration (and I don't mean custom options).


Cheers,
Franco

Can't find any option regarding DoT. I've also added 1.0.0.1@853 to the DNS over TLS field (under the Miscellaneous tab), but on https://cloudflare-dns.com/help/ I keep on getting no to the DNS over TLS check.
Please could you tell us how to do it? Thanks.

Quote from: Massimo1993 on August 01, 2020, 04:51:56 PM
Can't find any option regarding DoT. I've also added 1.0.0.1@853 to the DNS over TLS field (under the Miscellaneous tab), but on https://cloudflare-dns.com/help/ I keep on getting no to the DNS over TLS check.
Please could you tell us how to do it? Thanks.

@Massimo1993, try to restart the unbound service after you fill in the resolvers on the Miscellaneous tab.  That made it start for me.

But then I have a question: Does unbound then ignore the General-> Enable forwarding mode?  Because that is NOT currently checked for me, but my requests are being forwarded to my DoT provider.


Quote from: Steve28 on August 01, 2020, 05:34:25 PM
@Massimo1993, try to restart the unbound service after you fill in the resolvers on the Miscellaneous tab.  That made it start for me.

Which is the correct syntax: 9.9.9.9@853#dns.quad9.net or 9.9.9.9@853 ?

Quote
But then I have a question: Does unbound then ignore the General-> Enable forwarding mode?  Because that is NOT currently checked for me, but my requests are being forwarded to my DoT provider.
I remember reading in another post that 'Enable Forwarding Mode' can be unchecked

Quote from: hushcoden on August 01, 2020, 06:28:07 PM
Which is the correct syntax: 9.9.9.9@853#dns.quad9.net or 9.9.9.9@853 ?
The second one. If you try to add any DNS server with #domain.something, it gives a validation error.

Quote from: hushcoden on August 01, 2020, 06:28:07 PM
I remember reading in another post that 'Enable Forwarding Mode' can be unchecked
I did uncheck it, like I've shown in the pictures. I've tried restarting unbound and I've also tried reinstalling unbound.

9.9.9.9@853#dns.quad9.net is currently not supported yet, only without verification

August 03, 2020, 10:46:11 AM #8 Last Edit: August 03, 2020, 10:48:37 AM by Massimo1993
Quote from: mimugmail on August 03, 2020, 10:14:28 AM
9.9.9.9@853#dns.quad9.net is currently not supported yet, only without verification

Not even cloudflare or googledns?

I've also tried this configuration I found in this forum, but it doesn't work either:
server:
  minimal-responses: yes
  qname-minimisation: yes
  rrset-roundrobin: yes
  use-caps-for-id: yes
  tls-cert-bundle: /etc/ssl/cert.pem

forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
  forward-ssl-upstream: yes

The view will be rewritten to use a grid layout, so currently the hash sign is forbidden.

I think if you trust google in general you can also trust DNS connection to 8.8.8.8 without the certificate verification?

Quote from: mimugmail on August 03, 2020, 11:19:10 AM
The view will be rewritten to use a grid layout, so currently the hash sign is forbidden.

Yes, but shouldn't the custom setting work?

Quote from: mimugmail on August 03, 2020, 11:19:10 AM
I think if you trust google in general you can also trust DNS connection to 8.8.8.8 without the certificate verification?
Just to test if DNS over TLS works, I've always used Cloudflare.

Btw, here are my current non-working settings:
https://postimg.cc/gallery/fM2mBRh

They should, but it may lead to other errors ..
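
Unbound's forward-addr syntax takes an optional '#name' after the port; without it the upstream's TLS certificate is not checked against a name, which is the "only without verification" mode discussed above. The following is an added example, not code from the thread or from OPNsense: a small Python check over unbound.conf text that flags such forwarders. THREAD_CONF is the configuration posted above trimmed to the relevant options; PINNED_CONF and the function names are constructed for illustration.

```python
import re

# Config as posted in the thread: TLS on, but no '#' auth name on the forwarders.
THREAD_CONF = """\
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
  forward-ssl-upstream: yes
"""
PINNED_CONF = THREAD_CONF.replace("@853", "@853#cloudflare-dns.com")  # constructed variant

TLS_KEYS = ("forward-tls-upstream", "forward-ssl-upstream", "tls-upstream", "ssl-upstream")

def parse(conf):
    """Return (server options, forward-zones); '#' is a comment only at token start."""
    server, zones, cur = {}, [], None
    for raw in conf.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        key, _, val = line.partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if not key:
            continue
        if not val:  # clause header such as "server:" or "forward-zone:"
            cur = server if key == "server" else {}
            if key == "forward-zone":
                zones.append(cur)
        elif cur is not None and key == "forward-addr":
            cur.setdefault(key, []).append(val)
        elif cur is not None:
            cur[key] = val
    return server, zones

def audit(conf):
    """List forwarders that are sent in plaintext or over unauthenticated TLS."""
    server, zones = parse(conf)
    findings = []
    for zone in zones:
        tls = any({**server, **zone}.get(k) == "yes" for k in TLS_KEYS)
        for addr in zone.get("forward-addr", []):
            if not tls:
                findings.append(f"{addr}: forwarded in plaintext")
            elif not re.search(r"#\S+$", addr):
                findings.append(f"{addr}: TLS without auth name, certificate name not checked")
            elif "tls-cert-bundle" not in server:
                findings.append(f"{addr}: auth name set but no tls-cert-bundle")
    return findings
```

Calling `audit(THREAD_CONF)` reports both forwarders as encrypted but unauthenticated, while `audit(PINNED_CONF)` returns an empty list.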