DNS over TLS Question

[spetrillo]

I am using the miscellaneous section of Unbound to specify my TLS servers. When I do this I get a msg in the Unbound log that tells me there are duplicate forwarding zones. Is this ok or is it an error. I specified both Cloudflare servers, so I know they both work.

[mimugmail]

Then you also have one in custum settings?

[spetrillo]

I do not...I only have my Plex piece there.

[mimugmail]

This can also be set in misc section

[spetrillo]

Ok so i removed everything from custom and have now added plex.direct into misc, as shown in the attached. All good?

[mimugmail]

But you error is still there?

[spetrillo]

Yes I still have the duplicate forward zone msg in the log.

[mimugmail]

Can you check /var/unbound/unbound.conf?

[spetrillo]

So when checking the file I find the following in there:

# Forwarding
forward-zone:
    name: "."
    forward-addr: 1.1.1.1
    forward-addr: 1.0.0.1

This corresponds to my config but is missing the TLS designation? I would have expected to see the @853 also.

Steve

[mimugmail]

This means your Unbound is using your system dns (transparent Mode), which cant work

[spetrillo]

Hmm...how did this happen and what do I need to change? Under System/Settings I am specifying 1.1.1.1 and 1.0.0.1.

[mimugmail]

I'm quite sure you have "DNS Query Forwarding" in Unbound : General enabled. This means Unbound forwards every request to the systems DNS servers. Just disable this checkbox.

[spetrillo]

Thanks for that...yes I had it enabled. It is now unchecked and the duplicate forwarding log msg is now gone.