Enabled DoT but still see 53

amrogers3

Not sure why. I confirmed DoT via https://dnssec.vs.uni-due.de and https://www.cloudflare.com/ssl/encrypted-sni/

Running 2.4.5 and have two networks, GUEST and LAN. Using Cloudflare 1.1.1.2 and 1.1.1.1.

Results:
I still see 53 in use:

I tried creating port forwarding to 53 then 853 and neither seems to prevent 53 from being used.

amrogers3

changed port forwarding for any request to port 53 redirects to 853. Still seeing 53 traffic at LAN.

alt text

tried to reject all to 53

Still see 53?!?

ipeetables

All devices and computers on your LAN will still be using standard DNS on port 53 locally, as they don't "speak" DoT. What you want to check for is outgoing 53 traffic on your WAN interface. What are you using for your DNS server? Make sure pfsense DNS settings are set to your DNS server as well as your DHCP's dns settings or any devices with static IP's on your network. Keep in mind that some IoT devices like Chromecasts will still try to ignore your preferred DNS server and use their provider.

Edit: When I first opened this post none of the pictures loaded... imgur is blocked at work. Is the reject 53 rule also on Guest and Opt2? Do you have the same NAT rule setup for Opt2?

Gertjan

@ipeetables said in Enabled DoT but still see 53:

imgur is blocked at work

You're not the only one.

@amrogers3 : you can paste image right into the forum message. No need to paste in an image URL using the picture foru command at all :

![alt text](image url)

Just hit Ctrl V when the forum edit window is in focus, if you have the image copied just before.