Netgate Discussion Forum

    DNS over HTTPS/TLS support?

    • xpxp2002

      Is there any possibility that the Cloudflare daemon for DNS over HTTPS, or the RFC-compliant DNS over TLS will be coming to pfSense?

      https://developers.cloudflare.com/1.1.1.1/dns-over-https/
      https://developers.cloudflare.com/1.1.1.1/dns-over-tls/
      https://tools.ietf.org/html/rfc7858

      • GregoryO

        It's working via manual installation:
        https://github.com/jedisct1/dnscrypt-proxy/wiki/Installation-pfsense

        • jimp (Rebel Alliance Developer Netgate)

          There are a couple threads about configuring DNS over TLS using the advanced options of the DNS Resolver (unbound). That is the best thing to do at the moment, no need to install any extra software.

          • ashleydrees

            This is great, I have grabbed and configured it, but I have a quick question for the knowledgeable before messing up my DNS resolution setup on my pfSense.

            I have a split DNS where I use "DNS Forwarder" to maintain my internal addresses (including the DHCP address). I would like the dnscrypt-proxy to accept all the calls from the DNS Forwarder that it does not handle itself… so DNS Forwarder > DNSCrypt Proxy > Remote DNSCrypt Server.

            I am considering putting the DNSCrypt Proxy on its own internal address and pointing the whole pfSense DNS resolution at the new internal proxy address. Is this the sensible way to do it, or should I be doing something else? It feels a little clunky to add yet another step, and from the config docs for DNSCrypt Proxy it would seem to be able to do everything that the DNS Forwarder can do already, but of course it will not have its own CP pane and will not integrate with pfSense in a unified way.

            Any thoughts from knowledgeables would be appreciated.
