Unbound DoT - still recursive?

Started by GreenMatter, June 23, 2020, 10:25:04 AM

After installing os-unbound-plus I can set a list of nameservers (i.e. 9.9.9.9@853) to use for DoT. When this is done, is unbound still a recursive DNS server?
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)

No, it is simply a Forwarder if you are forwarding all your DNS queries to a DoT provider.
OPNsense 20.7.4
SuperMicro SuperServer E300-8D (primary WAN)
Protectli Vault FW1 (secondary WAN)
TRENDnet TEG-30284

Thanks. Thus either DoT or recursive DNS...
DoT should protect against DNS poisoning and ISP spying and recursive DNS could be more about securing your privacy (querying DNS Servers in "cascade" manner); am I right?

I tried something yesterday that seems to give good DNS privacy. I always have a VPN tunnel open to a public VPN connection, which is required for this. So, I configure DoT using os-unbound-plus (really nice plugin), then I configure unbound so that the outbound requests go over the VPN tunnel. The ISP can't see DNS queries because they go over the VPN, the VPN provider can't see DNS queries because of DoT, and the DNS server only gets my public VPN address, so really any DoT DNS provider can be used.
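Added example, not taken from any of the posts above or from the os-unbound-plus plugin: a minimal hand-written unbound.conf that puts together what the second reply describes (a forward-zone for "." that sends every query to a DoT upstream turns Unbound into a forwarder) and what the last post describes (those upstream queries leave through the VPN tunnel). Only 9.9.9.9@853 comes from the thread; the tunnel address 10.8.0.2, the CA bundle path /etc/ssl/cert.pem, the listening address and Quad9's second address 149.112.112.112 are assumptions for illustration.

```conf
server:
    # LAN side: where clients send their queries (assumed address)
    interface: 192.168.1.1
    access-control: 192.168.1.0/24 allow

    # Source address for all upstream queries. Using the VPN tunnel's
    # address (assumed value) means the ISP only ever sees VPN traffic.
    outgoing-interface: 10.8.0.2

    # CA bundle used to verify the upstream's TLS certificate. Without
    # this, forward-tls-upstream encrypts but does not authenticate.
    # Path is an assumption; adjust to where your system keeps its bundle.
    tls-cert-bundle: /etc/ssl/cert.pem

    # Still worth keeping in forwarding mode: validate DNSSEC answers
    # the forwarder returns, and send as little of the name as possible
    # (only matters for recursion, harmless here).
    auto-trust-anchor-file: /var/unbound/root.key
    qname-minimisation: yes

# Forwarding everything for "." is exactly what makes Unbound a
# forwarder instead of a recursive resolver. Delete this whole block
# and Unbound goes back to iterating from the root servers itself.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # IP@port#authname: the #authname part makes Unbound check that the
    # certificate presented on 853 is actually issued for that hostname.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

Two checks worth running after a change like this: `unbound-checkconf` on the file catches syntax and path errors before a restart, and `unbound-control list_forwards` shows whether a "." forward is active, i.e. whether the running instance is a forwarder or a recursor. If the tunnel goes down, queries bound to 10.8.0.2 fail rather than falling back to the WAN interface, which is the behaviour the last post wants; just be aware that name resolution stops with the tunnel.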