Unbound - DNS over TLS

spetrillo · May 17, 2020, 01:58:00 AM

Hello all,

I am wanting to run DNS over TLS via Unbound. I have installed the Unbound addtl plugin to provide this capability. I have setup Unbound custom options section to look as follows:

server:
private-domain: "plex.direct"

server:
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 1.1.1.1@853
forward-addr: 1.0.0.1@853

Am I good?

Steve

Mks · May 17, 2020, 09:38:22 AM

Hi,

I always recommend to validate the server certificate, see

https://forum.opnsense.org/index.php?topic=16268.msg74664#msg74664

br

mimugmail · May 17, 2020, 10:15:24 AM

Validation will come in next version

Mks · May 17, 2020, 01:38:46 PM

Great to read :)

spetrillo · May 18, 2020, 08:09:27 PM

Well I noticed something under Unbound, in the Misc section. The first attachment shows a section called DNS over TLS Servers. Should I be specifying them here rather than in the Custom Options under General? Should I have them in both places?

mimugmail · May 19, 2020, 03:47:25 PM

With your setup you could use the new field. I'll add a grid view for 20.1.8 so you can add them line by line with certificate checks (which you dont use currently)

spetrillo · May 19, 2020, 03:51:50 PM

Thanks for the assist here.

Unbound - DNS over TLS

spetrillo

May 17, 2020, 01:58:00 AM

Mks

May 17, 2020, 09:38:22 AM #1

mimugmail

May 17, 2020, 10:15:24 AM #2

Mks

May 17, 2020, 01:38:46 PM #3

spetrillo

May 18, 2020, 08:09:27 PM #4

mimugmail

May 19, 2020, 03:47:25 PM #5

spetrillo

May 19, 2020, 03:51:50 PM #6