DNS over TLS or DNS over HTTPS without certificates question

Started by xPliZit_xs, September 03, 2023, 05:18:18 PM

Hi,

I wanted to ask about what exactly you will get when enabling DNS over TLS/HTTPS on unbound or adguard "without" using SSL certificates.
In adguard there is a section to add the certificates in order to enable "encryption".
OK!
But, I am able to configure the local DNS server (unbound or adguard) using, let's say, DNS over TLS.
Isn't that already "encryption" when using the TLS protocol? (I assume that the local DNS server establishes encryption (TLS) to the specified remote DNS provider, e.g. 9.9.9.9, and you are dependent on the DNS provider if they honor privacy.)
Is this correct?
Having SSL certificates on the local DNS server enables encryption also...

Are you talking about upstream DoT (Unbound uses DoT to forward queries to other DNS servers) or downstream DoT (hosts in your LANs use DoT to send queries to Unbound)?

Upstream doesn't require adding certificates to Unbound, you only need to specify the CNs of the upstream servers to enable certificate verification.

Downstream requires adding a certificate and matching private key. This is currently not supported via GUI, you have to create a custom include.

Can't say anything about Adguard.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
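The two directions Maurice distinguishes map onto two separate parts of unbound.conf. The following is an added example, not configuration from the thread or from OPNsense; the CA-bundle path, the LAN address, the key/certificate paths and the choice of upstream are assumptions (9.9.9.9 is the address from the question, and dns.quad9.net is Quad9's published DoT name):

```conf
# Added example: Unbound with upstream DoT (no own certificate needed)
# and downstream DoT (own certificate and key required).
server:
    # --- Upstream DoT: Unbound -> public resolver ---
    # Unbound acts as the TLS client. It needs no certificate of its own,
    # only a CA bundle so it can verify the upstream's certificate against
    # the name given after '#' in forward-addr below.
    # Path assumed (FreeBSD/OPNsense system bundle).
    tls-cert-bundle: "/etc/ssl/cert.pem"

    # --- Downstream DoT: LAN clients -> Unbound ---
    # Unbound acts as the TLS server, so it needs a certificate and the
    # matching private key. Paths are placeholders.
    interface: 192.168.1.1@853          # assumed LAN address, DoT port
    tls-port: 853
    tls-service-key: "/path/to/unbound-key.pem"
    tls-service-pem: "/path/to/unbound-cert.pem"

forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Encrypted AND authenticated: Unbound checks that the certificate
    # presented by 9.9.9.9 is valid for dns.quad9.net. Without the "#name"
    # part the connection is still encrypted but the peer is not verified,
    # which is what "specify the CNs of the upstream servers" refers to.
    forward-addr: 9.9.9.9@853#dns.quad9.net
```

On OPNsense the downstream `server:` directives would go into a custom include file (the path depends on your install), as the reply says the GUI does not cover them. `unbound-checkconf` validates the file before a restart; if the key and certificate do not match, Unbound refuses to start and reports it in the log, which is the quickest check that the downstream part is wired up correctly.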