[Solved] CloudFlare / Unbound -> DNS over TLS not working

Started by solaceza, February 22, 2022, 01:07:56 AM

Hi,

(Running OPNsense 22.1.1_3-amd64)

I've found that although the WebUI allows for the configuration of DNS over TLS in the Unbound DNS service, it's not writing the correct configuration (see attachment for DNS over TLS config).

Checking: /var/unbound/unbound.conf

I found the following:

--snip--
# Forwarding
forward-zone:
    name: "."
        forward-addr: 1.1.1.1
        forward-addr: 1.0.0.1
--snip--

The result is that in the log files my queries are not encrypted and are logged as:

  1.0.0.1@53  (unencrypted)


I attempted to modify the configuration to include the updated correct lines:

--snip--
# Forwarding
forward-zone:
    name: "."
        forward-addr: 1.1.1.1@853#cloudflare-dns.com
        forward-addr: 1.0.0.1@853#cloudflare-dns.com
        forward-tls-upstream: yes
--snip--

The system ran correctly for a period of time (https://cloudflare-dns.com/help/ even returned DoT:Yes) and then seemed to revert the configuration to the incorrect config.

My asks:
1. How do I log a bug for this?
2. Why / how is it reverting the configuration?

Thanks
  S


UPDATE

I discovered the issue; my Unbound service was configured to use:

   DNS Query Forwarding

I disabled it, since it overrides the settings in the DNS over TLS pane.

Posting for others in the future.

Thanks
  S
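Because the WebUI setting alone did not guarantee the generated file was correct, a check against the rendered /var/unbound/unbound.conf is the reliable way to confirm upstreams are actually DoT. The following is an added example, not code from the original post or from OPNsense: it parses each forward-zone stanza and flags any forward-addr that is not @853 with a #hostname, or any zone missing forward-tls-upstream: yes. The two sample stanzas are constructed from the snippets quoted above; the function names are the example's own.

```python
import re

# Constructed samples: the two forward-zone stanzas quoted in the post above.
PLAIN_CONF = """\
forward-zone:
    name: "."
        forward-addr: 1.1.1.1
        forward-addr: 1.0.0.1
"""
DOT_CONF = """\
forward-zone:
    name: "."
        forward-addr: 1.1.1.1@853#cloudflare-dns.com
        forward-addr: 1.0.0.1@853#cloudflare-dns.com
        forward-tls-upstream: yes
"""
ADDR_RE = re.compile(r"^(?P<ip>[^@#\s]+)(?:@(?P<port>\d+))?(?:#(?P<auth>\S+))?$")  # IP[@port][#auth-name]

def parse_forward_zones(conf):
    # Collect every forward-zone: stanza as {'name', 'addrs', 'tls'}
    zones, zone = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if line.endswith(":"):                    # section header (forward-zone:, server:, ...)
            zone = {"name": "?", "addrs": [], "tls": False} if line == "forward-zone:" else None
            if zone: zones.append(zone)
        elif zone is not None:                    # key: value inside a forward-zone
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip().strip('"')
            if key == "name":
                zone["name"] = value
            elif key == "forward-addr":
                m = ADDR_RE.match(value)          # port defaults to 53 when no @port is given
                zone["addrs"].append((m["ip"], m["port"] or "53", m["auth"]) if m else (value, "53", None))
            elif key == "forward-tls-upstream":
                zone["tls"] = value.lower() == "yes"
    return zones

def audit_forward_zones(conf):
    # Return findings; an empty list means every upstream is reached over verified DoT
    findings = []
    for z in parse_forward_zones(conf):
        if not z["tls"]:
            findings.append(f'zone {z["name"]}: forward-tls-upstream is not "yes"')
        for ip, port, auth in z["addrs"]:
            if port != "853" or not auth:
                findings.append(f"zone {z['name']}: {ip}@{port} is not a verified DoT upstream (need @853#hostname)")
    return findings
```

On the firewall itself, `audit_forward_zones(open("/var/unbound/unbound.conf").read())` reads the rendered file, so it catches the case where DNS Query Forwarding silently overrides the DNS over TLS pane.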