DNS over HTTPS/TLS support?
-
Is there any possibility that the Cloudflare daemon for DNS over HTTPS, or the RFC-compliant DNS over TLS will be coming to pfSense?
https://developers.cloudflare.com/1.1.1.1/dns-over-https/
https://developers.cloudflare.com/1.1.1.1/dns-over-tls/
https://tools.ietf.org/html/rfc7858
-
It's working via manual installation:
https://github.com/jedisct1/dnscrypt-proxy/wiki/Installation-pfsense
-
There are a couple threads about configuring DNS over TLS using the advanced options of the DNS Resolver (unbound). That is the best thing to do at the moment, no need to install any extra software.
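As an added illustration that is not part of the thread: a sketch of DNS Resolver (unbound) custom options for forwarding to Cloudflare's DNS over TLS endpoint, with the unauthenticated form shown beside the authenticated one. The certificate bundle path is an assumption for a FreeBSD-based system, and the option names assume a reasonably recent unbound build.

```conf
# Added example, not from the thread. Intended for the DNS Resolver custom options box.
server:
  # Assumed location of the system CA bundle; adjust to match the install.
  tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"

forward-zone:
  name: "."
  # Send all forwarded queries over TLS (RFC 7858), port 853.
  forward-tls-upstream: yes

  # Weak form: traffic is encrypted, but there is no name to check the
  # server certificate against, so the upstream is not authenticated.
  # forward-addr: 1.1.1.1@853

  # Authenticated form: the name after '#' must match the server certificate,
  # validated against the CA bundle configured above.
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Running `unbound-checkconf` against the generated configuration confirms the options parse before the resolver is restarted.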
-
This is great, I have grabbed and configured it, but I have a quick question for the knowledgeable before messing up my DNS resolution setup on my pfSense.
I have a split DNS where I use "DNS Forwarder" to maintain my internal addresses (including the DHCP addresses). I would like the dnscrypt-proxy to accept all the calls from the DNS Forwarder that it does not handle itself… so DNS Forwarder > DNSCrypt Proxy > Remote DNSCrypt Server.
I am considering putting the DNSCrypt Proxy on its own internal address and pointing the whole pfSense DNS resolution at the new internal proxy address. Is this the sensible way to do it, or should I be doing something else? It feels a little clunky to add yet another step, and from the config docs for DNSCrypt Proxy it would seem to be able to do everything that the DNS Forwarder can do already, but of course it will not have its own CP pane and will not integrate with pfSense in a unified way.
Any thoughts from knowledgeables would be appreciated.