Unbound - DNS via TLS?

Started by chemlud, July 21, 2017, 11:35:26 AM

Hi everybody!

Recently I read something about unbound starting to support DNS via TLS, to stop providers and everyone else on the net from knowing which pages are used by whom on the internet.

Are there any plans to make this feature available in the near future in the OPNsense GUI? Is this even possible anytime soon?

Would like to know about that crucial privacy feature!

Many thanks in advance

kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

Hi chemlud,

Couldn't find any substantial description of how to use it. Do you have a fitting link?


Thanks,
Franco


Hi all,

here is a quick tut https://calomel.org/unbound_dns.html
see section: DNS Over TLS, simple recursive caching DNS, TCP port 853 ENCRYPTED

cheers till

kind regards
chemlud

this would be really nice to have.

...starting to get interesting?

https://www.heise.de/newsticker/meldung/Quad9-Datenschutzfreundliche-Alternative-zum-Google-DNS-3890741.html

"Quad9 is the first large resolver network ever to allow users to encrypt their DNS queries via TLS."

kind regards
chemlud

We can try a patch next week, yet I am fairly certain this will be one hell of a support nightmare if we switch system DNS servers to only work with TLS as it requires the two DNS checkboxes to be set like this: do not override DNS servers, use resolver / forwarder for this firewall.

And better yet, not using these exact values will cause DNS leaks, which is a weird point as we are trading security for privacy or vice versa. It's a strange world we live in. ;)


Cheers,
Franco

What happened to this, does it work yet?


Works, but not integrated into the GUI yet. Need to use advanced settings:

https://forum.opnsense.org/index.php?topic=7811.0


Cheers,
Franco
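
For readers checking an Unbound forwarding setup of the kind discussed in this thread, here is an added example (not from the thread, the linked topic or the OPNsense project): a small Python check that reads an unbound.conf fragment and flags forwarders that would not use verified DNS over TLS. The sample configuration, the CA bundle path and the function names are constructed for illustration.

```python
import re

# Constructed sample: an Unbound forward-zone meant to send all queries over DoT.
SAMPLE_CONF = """\
server:
    tls-cert-bundle: "/etc/ssl/cert.pem"   # assumed CA bundle path
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112          # no @853 and no auth name
"""

def parse_forward_zones(text):
    """Return one dict per forward-zone clause: name, TLS flag, forward-addr list."""
    zones, current = [], None
    for raw in text.splitlines():
        # A '#' starts a comment only at line start or after whitespace;
        # inside forward-addr it introduces the TLS authentication name.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:  # clause header such as "server:" or "forward-zone:"
            current = None
            if key == "forward-zone":
                current = {"name": None, "tls": False, "addrs": []}
                zones.append(current)
        elif current is not None:
            if key == "name":
                current["name"] = value
            elif key in ("forward-tls-upstream", "forward-ssl-upstream"):
                current["tls"] = value == "yes"
            elif key == "forward-addr":
                current["addrs"].append(value)
    return zones

def dot_findings(text):
    """List (zone, problem) pairs for forwarders not set up for verified DoT."""
    findings = []
    for zone in parse_forward_zones(text):
        if not zone["tls"]:
            findings.append((zone["name"], "forward-tls-upstream is not yes: plaintext"))
        for addr in zone["addrs"]:
            host, _, auth = addr.partition("#")
            if not host.endswith("@853"):
                findings.append((zone["name"], f"{host}: not directed at DoT port 853"))
            elif not auth:
                findings.append((zone["name"], f"{host}: no #auth-name, any cert name accepted"))
    return findings
```

An empty list from `dot_findings` covers only the Unbound side; the system-level DNS settings Franco describes above still decide whether the firewall itself bypasses the resolver.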