PFsense DNS over TLS
-
Re: Setup DNS over TLS on pfSense 2.4.4 p2 - Guide
Just wanted to point out that this old post worked perfectly for me on 2.4.5-RELEASE-p1 and say TY to the author of said post.
It took about 5 minutes to configure/test this configuration.
Cheers All
-
It should be noted that an additional field has been added to the System > General page for the DNS servers since that topic was created, explicitly for the purpose of DNS over TLS. The hostname field is where you enter the hostname of the DNS server(s) that will be returned as part of the TLS encryption. Without that field, pfSense is just assuming that whoever is responding to your DoT requests is in fact the server it should be talking to, without any validation being performed.
For Quad9, you will want to use this for the hostname: dns.quad9.net
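As an added illustration (not from the thread, and not a file pfSense itself generated) of what the hostname field buys you, here is the Unbound forwarder configuration that pfSense's DNS Resolver is built on, with the unverified and the verified form side by side. Assumptions: Quad9's public addresses 9.9.9.9 and 149.112.112.112 (not listed in the thread), the CA bundle path, and that pfSense maps the General page's hostname onto Unbound's `#authname` suffix.

```conf
# Added illustration, not the thread's or pfSense's own generated output.
# Assumption: the "Hostname" field on System > General becomes the
# "#<authname>" suffix of forward-addr in the DNS Resolver's Unbound config.
# In a real file only ONE forward-zone for "." would exist; both are
# shown here to contrast the weak and the corrected setting.

server:
    # CA bundle the upstream certificate is validated against
    # (path is an assumption; pfSense ships its own bundle)
    tls-cert-bundle: "/etc/ssl/cert.pem"

# Weak: TLS is negotiated, but no name is given to check the certificate
# against, so any peer answering on 853 with a TLS handshake is accepted.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853
    forward-addr: 149.112.112.112@853

# Corrected: the hostname from the General page is appended after "#".
# Unbound now refuses a peer whose certificate is not valid for
# dns.quad9.net and is not signed by a CA in tls-cert-bundle.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

The field is per server, so every DoT upstream you list needs its own hostname; `unbound-checkconf` will parse the resulting file and flag syntax errors, but it does not tell you that an authname is missing, so that has to be checked by eye.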
-
@virgiliomi If only I could find this piece of information in the docs... Thanks!
-
You mean like where it specifically states that right under the hostname section?
"Hostname
Enter the DNS Server Hostname for TLS Verification in the DNS Resolver (optional)."
Or where it states that in the docs you get when you click the ? top right of that page?
https://docs.netgate.com/pfsense/en/latest/config/general.html
"The FQDN of the DNS server, used to validate DNS server certificates when using DNS over TLS (DNS Resolver)."
Or where it states that in the dns over tls doc
https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
And gives you a warning about not putting it in..
You mean like those docs ;)
-
@johnpoz You are right, I was focused only on the DNS resolver docs page when posting that. Found out the recipe a bit later too, conflicted with some other blog post, got a separate topic for that.
Thanks!