Topic: Unbound DNS Upstream TLS option (Read 2777 times)
SecAficionado (Newbie, Posts: 42, Karma: 4), December 08, 2020, 10:11:48 pm:
Hello,
As stated in the unbound.conf page (https://www.nlnetlabs.nl/documentation/unbound/unbound.conf/), there is an option to turn on upstream TLS. I always assumed that by entering data into Unbound DNS/Miscellaneous/DNS over TLS Servers, this option would be turned on, but I spent some time examining the config files and I don't see an entry to enable it.
Code:
server:
    tls-upstream: yes
I believe the statement above would be needed to actually turn the feature on, in addition to the path to the certificates and the servers/ports. The latter two options are added in /usr/local/unbound/miscelaneous.conf, but I don't think the traffic is actually encrypted unless the tls-upstream option is used.
Can someone a) verify that my understanding is correct, and if so, b) direct me to the proper way to file this as a bug in the interface?
Thanks!
mimugmail (Hero Member, Posts: 6766, Karma: 494), Reply #1, December 09, 2020, 05:55:44 am:
It works for me, can you check if your DNS is encrypted first?
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
Fright (Hero Member, Posts: 1777, Karma: 164), Reply #2, December 09, 2020, 07:15:20 am:
It's in dot.conf, not in miscelaneous, afaik
https://github.com/opnsense/core/blob/master/src/opnsense/service/templates/OPNsense/Unbound/core/dot.conf
koushun (Jr. Member, Posts: 95, Karma: 9), Reply #3, January 27, 2021, 02:09:28 am:
https://www.cloudflare.com/en-gb/ssl/encrypted-sni/
Check your browser. What does it say (Secure DNS)?
Running OPNsense through Proxmox
4 x Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz (1 Socket)
24 GB RAM
iBROX (Newbie, Posts: 48, Karma: 2), Reply #4, January 27, 2021, 03:08:30 am:
Works for me, Services > Unbound DNS > Misc > DNS over TLS servers, put them in as 1.1.1.1@853 and 1.0.0.1@853
I also had to uncheck the box in Service > Unbound DNS > General (DNS Query forwarding).
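
The question in this thread can be checked against the config text itself. The following is an added example, not code from any poster or from OPNsense: it parses Unbound configuration and reports, for each forward-addr, whether TLS is enabled either globally (tls-upstream) or per zone (forward-tls-upstream, a standard Unbound option the thread does not mention) and whether the peer can be authenticated. The sample configs and the certificate path are constructed for illustration.

```python
import re
# Constructed sample configs (assumptions, not copied from an OPNsense system).
PORT_ONLY = """
forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853
"""
GLOBAL_TLS = "server:\n    tls-upstream: yes\n" + PORT_ONLY
PER_ZONE = """
server:
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com  # auth name follows '#'
    forward-addr: 1.0.0.1@853
"""

def parse(conf):
    """Yield (clause_no, clause, key, value) for each 'key: value' line."""
    n, clause = 0, None
    for raw in conf.splitlines():
        # '#' is a comment only at line start or after whitespace (else: auth name).
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, _, value = line.partition(":")
        value = value.strip().strip('"')
        if value:
            yield n, clause, key.strip(), value
        elif key:
            n, clause = n + 1, key.strip()  # clause header such as "server:"

def audit(conf):
    """Map each forward-addr to plaintext / tls-unauthenticated / tls-authenticated."""
    server, zones = {}, {}
    for n, clause, key, value in parse(conf):
        if clause == "server":
            server[key] = value
        elif clause == "forward-zone":
            zones.setdefault(n, []).append((key, value))
    global_tls = server.get("tls-upstream") == "yes"
    has_ca = "tls-cert-bundle" in server  # the only CA source this sketch checks
    report = {}
    for opts in zones.values():
        use_tls = global_tls or ("forward-tls-upstream", "yes") in opts
        for addr in (v for k, v in opts if k == "forward-addr"):
            # Port 853 alone encrypts nothing; TLS without CA bundle and auth name is unverified.
            report[addr] = ("plaintext" if not use_tls else
                            "tls-authenticated" if has_ca and "#" in addr else
                            "tls-unauthenticated")
    return report
```

Calling `audit()` on the text of the generated Unbound config files shows which forwarders would be queried in plaintext despite being listed with port 853.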