Use specified DNS servers instead of ISP DNS from DHCP

Started by e97, June 05, 2024, 07:20:05 PM

Hello, recently upgraded from 23.x to 24.x. Currently on OPNsense 24.1.6-amd64.

Previously set up my DNS using a few different servers (1.1.1.1, 8.8.8.8, 9.9.9.9 lol) and verified with dig, https://www.dnscheck.tools/ and https://www.dnsleaktest.com/

I followed the instructions here https://forum.opnsense.org/index.php?topic=8505.0

Have Unbound enabled.

Recently I noticed a slowdown in browsing and diagnosed the issue to using ISP DNS (provided by DHCP) instead of the servers I specified.

For OPNsense 24.x, what's the correct procedure / settings to use specified DNS instead of ISP DNS provided by DHCP on WAN?

This is what I set:

System, Settings, General - DNS servers blank
Disable - Allow DNS server list to be overridden by DHCP/PPP on WAN
Disable - Do not use the local DNS service as a nameserver for this system

Unbound on LAN interface listening on port 53
LAN firewall rules: source internal VLANs to destination (this firewall) port 53
Unbound access lists allowing internal VLANs

Unbound - DNS over TLS:

8.8.8.8, port 853, dns.google.com
1.1.1.1, port 853, cloudflare-dns.com

Clients' DNS set to OPNsense DNS. Or, if there are internal DNS servers like domain controllers, clients' DNS set to the DC. DC forwarders set to OPNsense port 53. Internal DNS unencrypted on 53. External queries over TLS on 853 to the ones you specify.
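Two checks a practitioner would want around the settings above: confirm that the resolver list a host actually ends up with contains only the intended servers (the symptom in this thread is DHCP-supplied ISP resolvers quietly taking precedence), and see what the DNS over TLS entries correspond to in Unbound's own configuration syntax. The script below is an added example, not code from OPNsense or from either poster. The resolv.conf contents are a constructed sample, the 192.0.2.x addresses are documentation-range placeholders standing in for ISP resolvers, the certificate bundle path is an assumption, and the forward-zone stanza is written in Unbound's native `ip@port#authname` form rather than copied from what the OPNsense GUI generates.

```python
"""Audit a resolv.conf for unexpected (DHCP/ISP) resolvers and render the
Unbound DNS-over-TLS forward-zone for the upstreams from this thread."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: what a host can end up with when "Allow DNS server list
# to be overridden by DHCP/PPP on WAN" is still enabled. 192.0.2.0/24 is
# TEST-NET-1 and stands in for ISP-assigned resolvers here.
SAMPLE_RESOLV_CONF = """\
# Generated by resolvconf
search example.internal
nameserver 192.0.2.53
nameserver 192.0.2.54
nameserver 127.0.0.1
"""


@dataclass(frozen=True)
class DotUpstream:
    ip: str
    port: int
    auth_name: str  # hostname Unbound must find in the upstream's TLS certificate


# The two DNS over TLS upstreams from the working configuration in the thread.
UPSTREAMS = [
    DotUpstream("8.8.8.8", 853, "dns.google.com"),
    DotUpstream("1.1.1.1", 853, "cloudflare-dns.com"),
]


def parse_nameservers(resolv_conf: str) -> list[str]:
    """Return nameserver addresses in file order, ignoring comments/other keys."""
    servers: list[str] = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"nameserver\s+(\S+)", line)
        if not m:
            continue
        try:
            servers.append(str(ipaddress.ip_address(m.group(1))))
        except ValueError:
            continue  # skip malformed entries instead of aborting the audit
    return servers


def audit_resolvers(resolv_conf: str, allowed: set[str]) -> dict:
    """Classify each configured nameserver as allowed or unexpected.

    Resolvers are tried in listed order, so an ISP address at the top of the
    list wins even when the local Unbound instance is also present.
    """
    found = parse_nameservers(resolv_conf)
    unexpected = [s for s in found if s not in allowed]
    return {
        "nameservers": found,
        "unexpected": unexpected,
        "first_is_allowed": bool(found) and found[0] in allowed,
        "ok": bool(found) and not unexpected,
    }


def unbound_forward_zone(upstreams: list[DotUpstream]) -> str:
    """Render an unbound.conf forward-zone that sends all queries over TLS.

    The "#authname" suffix is what makes Unbound verify the upstream's
    certificate against that hostname; without it the session is encrypted
    but the upstream is not authenticated.
    """
    lines = [
        "server:",
        '    tls-cert-bundle: "/etc/ssl/cert.pem"  # assumed path to the CA bundle',
        "forward-zone:",
        '    name: "."',
        "    forward-tls-upstream: yes",
    ]
    for u in upstreams:
        lines.append(f"    forward-addr: {u.ip}@{u.port}#{u.auth_name}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # With the local DNS service used as the system nameserver, only 127.0.0.1
    # should appear; anything else is a DHCP/ISP leftover.
    report = audit_resolvers(SAMPLE_RESOLV_CONF, allowed={"127.0.0.1"})
    print(report)
    print(unbound_forward_zone(UPSTREAMS))
```

Run it against the real file with `audit_resolvers(open("/etc/resolv.conf").read(), {"127.0.0.1"})`; on the firewall itself the expected list is just the loopback resolver once "Do not use the local DNS service as a nameserver for this system" is left disabled, and a non-empty `unexpected` list means the DHCP override is still in effect.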

Quote from: ThyOnlySandman on June 06, 2024, 12:52:14 AM
This is what I set:

System, Settings, General - DNS servers blank
Disable - Allow DNS server list to be overridden by DHCP/PPP on WAN
Disable - Do not use the local DNS service as a nameserver for this system

Unbound on LAN interface listening on port 53
LAN firewall rules: source internal VLANs to destination (this firewall) port 53
Unbound access lists allowing internal VLANs

Unbound - DNS over TLS:

8.8.8.8, port 853, dns.google.com
1.1.1.1, port 853, cloudflare-dns.com

Clients' DNS set to OPNsense DNS. Or, if there are internal DNS servers like domain controllers, clients' DNS set to the DC. DC forwarders set to OPNsense port 53. Internal DNS unencrypted on 53. External queries over TLS on 853 to the ones you specify.

Thank you! That seems to have fixed the issue, and now I've got a bit of a security upgrade with DNS over TLS ;D