DNS over TLS - Verified that unsigned response is INSECURE

Started by 9ck, March 09, 2023, 12:09:48 PM

Hi forum
New to OPNsense and DNS over TLS. I get this line in my logfile under debug "[92375:3] info: Verified that unsigned response is INSECURE" and I'm not sure what to make of this "warning".

In > Unbound DNS > DNS over TLS, I've set up and enabled two services.
Enabled: Checked
Domain: Blank
Address: 1.1.1.2 and 1.0.0.2 (respectively)
Port: 853
Hostname: security.cloudflare-dns.com

In > Unbound DNS > General
Enabled: Checked
Listen port: 53
Network Interfaces: All
DNSSEC: Checked
IPv6 Link-local: Checked

In > Unbound DNS > Advanced
Harden DNSSEC Data: Checked
Log Queries: Checked
Log Level Verbosity: Level 2

In > Services > DHCPv4 and the respective LAN and VLANs
DNS Servers: Blank

In > System > Settings > General
DNS Servers: Blank

Am I missing something? What's causing this prompt in the log?

Hi
It means that DNSSEC support is enabled in Unbound and the queried domain is unsigned (not an error, just info).

Thanks Fright. I'm admittedly in over my head sometimes... :)
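
A way to check from a client which case a given name falls into, as an added example that is not part of the original thread: the function reads `dig` output for a query sent through the validating resolver and reports whether the answer was validated (`ad` flag set), was unsigned/insecure as in the log line above, or failed with SERVFAIL. The sample replies and the names `signed.example` and `unsigned.example` are constructed.

```shell
#!/bin/sh
# Added example: classify the DNSSEC result of a dig reply read on stdin.
# Prints: secure | insecure | servfail | unknown

classify_dig() {
    awk '
        /->>HEADER<<-/ {
            # header line carries the response code, e.g. "status: NOERROR"
            if (match($0, /status: [A-Z]+/))
                status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            # keep only the flag list between "flags:" and the first ";"
            flags = $0
            sub(/^;; flags:/, "", flags)
            sub(/;.*/, "", flags)
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        END {
            if (status == "") print "unknown"
            else if (status == "SERVFAIL") print "servfail"  # may be a validation failure
            else if (ad) print "secure"      # resolver validated the signatures
            else print "insecure"            # answered, but no validated chain of trust
        }'
}

# Constructed sample replies (not captured from a real resolver).
SIGNED_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
signed.example.    300 IN A 192.0.2.10'

UNSIGNED_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
unsigned.example.  300 IN A 192.0.2.20'

FAILED_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

for s in "$SIGNED_SAMPLE" "$UNSIGNED_SAMPLE" "$FAILED_SAMPLE"; do
    printf '%s\n' "$s" | classify_dig
done
```

Against a live resolver the input would come from `dig @<resolver-ip> <name> A +dnssec | classify_dig`; a `servfail` result that turns into an answer when the query is repeated with `+cd` points to a validation failure rather than an unsigned zone.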