OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • 24.1 Legacy Series »
  • Use specified DNS servers instead of ISP DNS from DHCP
« previous next »
  • Print
Pages: [1]

Author Topic: Use specified DNS servers instead of ISP DNS from DHCP  (Read 920 times)

e97

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
    • View Profile
Use specified DNS servers instead of ISP DNS from DHCP
« on: June 05, 2024, 07:20:05 pm »
Hello recently upgraded from 23.x to 24.x. Currently on OPNsense 24.1.6-amd64

Previously setup my DNS using a few different servers (1.1.1.1, 8.8.8.8, 9.9.9.9 lol) and verified with
Code: [Select]
dig https://www.dnscheck.tools/ and https://www.dnsleaktest.com/

I followed the instructions here https://forum.opnsense.org/index.php?topic=8505.0

Have unbound Enabled.

Recently I noticed a slow down in browsing and diagnosed the issue to using ISP DNS (provided by DHCP) instead of the servers I specified.

For OPNsense 24.x Whats the correct procedure / settings to use specified DNS instead of ISP DNS provided by DHCP on WAN?
« Last Edit: June 05, 2024, 09:31:29 pm by e97 »
Logged

ThyOnlySandman

  • Jr. Member
  • **
  • Posts: 85
  • Karma: 4
    • View Profile
Re: Use specified DNS servers instead of ISP DNS from DHCP
« Reply #1 on: June 06, 2024, 12:52:14 am »
This what I set

System , Settings, General - DNS servers blank
Disable -  Allow DNS server list to be overridden by DHCP/PPP on WAN
Disable -  Do not use the local DNS service as a nameserver for this system

Unbound on LAN INT listening port 53
LAN firewall rules , source internal vlans to destination (this firewall) port 53
Unbound access lists allowing internal vlans

Unbound - DNS over TLS

8.8.8.8
853
dns.google.com

1.1.1.1
853
cloudflare-dns.com

Clients DNS set to opnsense DNS.  Or if internal DNS servers like domain controllers, client's DNS set to DC.  DC forwards set to opnsense 53.  Internal DNS unencrypted 53.  External queries over TLS 853 to ones you specify.
Logged

e97

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
    • View Profile
Re: Use specified DNS servers instead of ISP DNS from DHCP
« Reply #2 on: June 06, 2024, 05:26:51 pm »
Quote from: ThyOnlySandman on June 06, 2024, 12:52:14 am
This what I set

System , Settings, General - DNS servers blank
Disable -  Allow DNS server list to be overridden by DHCP/PPP on WAN
Disable -  Do not use the local DNS service as a nameserver for this system

Unbound on LAN INT listening port 53
LAN firewall rules , source internal vlans to destination (this firewall) port 53
Unbound access lists allowing internal vlans

Unbound - DNS over TLS

8.8.8.8
853
dns.google.com

1.1.1.1
853
cloudflare-dns.com

Clients DNS set to opnsense DNS.  Or if internal DNS servers like domain controllers, client's DNS set to DC.  DC forwards set to opnsense 53.  Internal DNS unencrypted 53.  External queries over TLS 853 to ones you specify.

Thank you! That seems to have fixed the issue and now I got a bit of a security upgrade with DNS over TLS  ;D
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • 24.1 Legacy Series »
  • Use specified DNS servers instead of ISP DNS from DHCP
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2