
Author Topic: Unbound DoT - still recursive?  (Read 1835 times)

GreenMatter

Unbound DoT - still recursive?
« on: June 23, 2020, 10:25:04 am »
After installing os-unbound-plus I can set list of nameservers (i.e. 9.9.9.9@853) to use for DoT. When having this done, is unbound still recursive DNS server?
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)

RFGuy_KCCO

Re: Unbound DoT - still recursive?
« Reply #1 on: June 24, 2020, 03:34:11 pm »
No, it is simply a Forwarder if you are forwarding all your DNS queries to a DoT provider.
OPNsense 20.7.4
SuperMicro SuperServer E300-8D (primary WAN)
Protectli Vault FW1 (secondary WAN)
TRENDnet TEG-30284
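
Added example (not part of the thread and not os-unbound-plus code): a small checker that reads an unbound.conf and reports whether Unbound will recurse itself or forward everything, as the reply above describes, and flags two settings that weaken a DoT forwarder. The sample config, the certificate bundle path and the `dns.quad9.net` authentication name are assumptions made for the example.

```python
import re

# Constructed sample (not from the thread or from os-unbound-plus): the kind of
# unbound.conf a DoT forwarding setup with 9.9.9.9@853 corresponds to.
SAMPLE_DOT = """
server:
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net   # '#name' = TLS auth name
"""

def parse(conf):
    """Return (server_options, [forward_zone_options]) as dicts of lists."""
    server, zones, cur = {}, [], {}
    for raw in conf.splitlines():
        # Simplification: '#' starts a comment only at line start or after
        # whitespace, so the '#authname' suffix of forward-addr survives.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if ":" not in line:
            continue
        key, val = (p.strip().strip('"') for p in line.split(":", 1))
        if val == "":                       # clause header such as "server:"
            cur = server if key == "server" else {}
            if key == "forward-zone":
                zones.append(cur)
        else:
            cur.setdefault(key, []).append(val)
    return server, zones

def last(opts, key, default="no"):
    return opts.get(key, [default])[-1]

def resolution_mode(conf):
    """Classify how Unbound resolves names (forward-host entries are ignored)."""
    server, zones = parse(conf)
    root = next((z for z in zones if last(z, "name", "") == "."), None)
    addrs = (root or {}).get("forward-addr", [])
    if not addrs:
        return "recursive", []              # no root forwarder: full recursion
    tls = "yes" in (last(root, "forward-tls-upstream"), last(server, "tls-upstream"))
    warnings = []
    if last(root, "forward-first") == "yes":
        warnings.append("forward-first: falls back to plain recursion on failure")
    if tls and ("tls-cert-bundle" not in server or any("#" not in a for a in addrs)):
        warnings.append("upstream TLS certificate is not authenticated")
    return ("forwarder-dot" if tls else "forwarder-plain"), warnings
```

On a running system, `unbound-control list_forwards` shows the forward zones that are actually loaded.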

GreenMatter

Re: Unbound DoT - still recursive?
« Reply #2 on: June 25, 2020, 10:50:44 am »
Thanks. Thus either DoT or recursive DNS...
DoT should protect against DNS poisoning and ISP spying and recursive DNS could be more about securing your privacy (querying DNS Servers in "cascade" manner); am I right?
OPNsense on:
Intel(R) Xeon(R) E-2278G CPU @ 3.40GHz (4 cores)
8 GB RAM
50 GB HDD
and plenty of vlans ;-)

crt333

Re: Unbound DoT - still recursive?
« Reply #3 on: June 29, 2020, 03:26:29 pm »
I tried something yesterday that seems to give good DNS privacy. I always have a VPN tunnel open to a public VPN connection, which is required for this. So, I configure DoT using os-unbound-plus (really nice plugin), then I configure unbound so that the outbound requests go over the VPN tunnel. The ISP can't see DNS queries because it goes over VPN, the VPN provider can't see DNS queries because of DoT, and the DNS server only gets my public VPN address so really any DoT DNS provider can be used.