  • 2 Votes · 2 Posts · 1k Views · jimp

    If it's fully standalone in Unbound, that should be possible, though I don't know what kind of time frame we'd be looking at.

    I haven't kept an eye on it, but last I saw it required passing in the HTTPS requests from something else like an nginx proxy setup; from the look of those docs they seem to have native support now. The library they mentioned is present on pfSense and is already a dependency of Unbound (the ports option DOH is enabled), so all the backend parts appear to be present; just the GUI/PHP config code would need to be implemented.

    The larger problem is that it's going to want to use port 443, which complicates GUI access and makes it trickier to use in practice.
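    As an added illustration of the post above (not part of the original thread, and not something pfSense's GUI generates), this is what Unbound's native DoH listener looks like in plain unbound.conf. The option names are Unbound's own; the address, port and key/certificate paths are assumptions for the example. Binding the listener to a port other than 443 is the simplest way around the GUI conflict mentioned above.

    ```conf
    server:
        # Assumed LAN address; 8443 is chosen so the pfSense GUI keeps 443.
        interface: 192.0.2.1@8443
        # Any interface whose port matches https-port speaks DoH;
        # any whose port matches tls-port speaks DoT.
        https-port: 8443
        http-endpoint: "/dns-query"
        # Assumed paths to the TLS key and certificate for the listener.
        tls-service-key: "/var/unbound/doh.key"
        tls-service-pem: "/var/unbound/doh.pem"
        # Set this to yes only for the older pattern described above,
        # where a reverse proxy (e.g. nginx) terminates TLS in front of Unbound
        # and passes plain HTTP/2 to it. Leave it at no for a native listener.
        http-notls-downstream: no
    ```

    Clients would then be pointed at https://192.0.2.1:8443/dns-query; the certificate must be one they already trust, which is the same requirement the GUI has for its own certificate.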

  • 0 Votes · 13 Posts · 2k Views · johnpoz

    @tikiyetti, for starters you should really update pfSense; that version is quite dated.

    If you want to do your own DNSSEC, then yes, you should just resolve, which is what Unbound does out of the box. Or if you're wanting to forward, then just pick a DNS that does it already and uncheck DNSSEC in Unbound.

    I am not aware of any of the major DNS providers that do not do DNSSEC out of the box. Some of them have special IPs you can point to that don't do it, like the 9.9.9.10 IP for Quad9, etc. But pretty much any of the major players are doing it out of the box. So there is little point in having Unbound try and do it if you're forwarding; more likely than not it's just going to cause you possible issues at some point or another. It's just extra work for something that is already being done.

    If you order a cheeseburger, do you scrape off the cheese when you get it and put your own cheese on?

    If you want to control putting cheese on your burger, just order it plain (resolve) and then do your own thing for the cheese ;)
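    The two setups contrasted in the post above, written out as unbound.conf fragments. This is an added example, not configuration from the thread or from pfSense's generated file; the two variants are alternatives, so only one belongs in a running config. The trust-anchor and CA bundle paths are assumptions; the option names are Unbound's own. The point the post makes is visible in the module line: once you forward to a resolver that already validates, Unbound's validator is redundant work, so it is dropped from the module chain.

    ```conf
    # ---- Variant A: resolve yourself, validate yourself ("order it plain") ----
    server:
        # Default module chain; the validator checks every answer against
        # the root trust anchor before handing it to clients.
        module-config: "validator iterator"
        # Assumed path; pfSense keeps the RFC 5011 managed anchor here.
        auto-trust-anchor-file: "/var/unbound/root.key"
        # No forward-zone: Unbound walks from the root servers itself.

    # ---- Variant B: forward to a validating upstream, no local validation ----
    server:
        # Validator removed: this is what unchecking DNSSEC in the GUI does.
        module-config: "iterator"
        # Assumed CA bundle path, used to verify the upstream's TLS certificate.
        tls-cert-bundle: "/etc/ssl/cert.pem"

    forward-zone:
        name: "."
        forward-tls-upstream: yes
        # 9.9.9.9 validates DNSSEC upstream; the post notes 9.9.9.10 as the
        # Quad9 address that does not, so it is deliberately not used here.
        forward-addr: 9.9.9.9@853#dns.quad9.net
        forward-addr: 149.112.112.112@853#dns.quad9.net
    ```

    With Variant B, a DNSSEC-signed name that fails validation upstream comes back as SERVFAIL from Quad9; Unbound simply relays that result. Keeping "validator" in the chain on top of that adds a second, independent validation that can only ever agree or break, which is the "extra work" the post refers to.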

  • DNS over TLS + Diagnostic > DNS Lookup

    Deutsch · 0 Votes · 20 Posts · 3k Views · T

    @viragomann So far I had assumed that, to preserve the integrity of the answer, it is enough if the responsible authoritative name server supports DNSSEC, but now that you ask, I'm no longer sure that's true. 🤔

  • why does DNS over TLS require forwarding mode?

    DHCP and DNS · 0 Votes · 7 Posts · 2k Views · S

    Thank you all for the information here. After this we started looking more into how everything works, and now it is much clearer.

    PS: regarding cache size, I needed to bump it up; it was using more than the default.