Netgate Discussion Forum
    How to verify DNS over TLS is working through packet capture?

    DHCP and DNS
    nesense

      Hello, I'm trying to verify that DNS over TLS is working through packet capture. I selected the WAN interface and port 853, but the capture is showing nothing. Does this mean it is not working, or am I not capturing correctly?

    johnpoz (LAYER 8 Global Moderator)

        If you're not seeing anything captured on your WAN interface and using 853 as the port, then either you're not sending anything on 853 or you're not using the WAN interface you think you are. If you capture just WAN without setting a port, do you see data?

        Do you see queries go out on just 53, normal DNS?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

    nesense

          @johnpoz:

          If you're not seeing anything captured on your WAN interface and using 853 as the port, then either you're not sending anything on 853 or you're not using the WAN interface you think you are. If you capture just WAN without setting a port, do you see data?

          Do you see queries go out on just 53, normal DNS?

          I see data without selecting a port, and also on port 53, but nothing on port 853. I only have one WAN interface.

    johnpoz (LAYER 8 Global Moderator)

            Well, if you're seeing stuff go out on default DNS, is it going to where you're wanting to forward it? Or all over the place, like a resolver does out of the box?

            Are your clients actually pointing to pfSense for their DNS, or are they going directly out to some DNS server?

    nesense

              @johnpoz:

              Well, if you're seeing stuff go out on default DNS, is it going to where you're wanting to forward it? Or all over the place, like a resolver does out of the box?

              Are your clients actually pointing to pfSense for their DNS, or are they going directly out to some DNS server?

              It turns out the issue was my wireless router running IPFire, which set the DNS server to "local recursor" instead of using pfSense as the DNS server handed out through DHCP :-[ I had to force it to use pfSense as its DNS.

              Now capturing packets on port 853 shows requests going to 9.9.9.9.

              Thanks for the help!

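As an added example (not code from this thread or from pfSense), the check johnpoz describes can be automated over a saved WAN capture: count outbound port-853 traffic to the intended forwarder, and flag any plaintext port-53 queries still leaving in the clear. The capture lines, WAN address 203.0.113.5 and the forwarder 9.9.9.9 are constructed sample input in tcpdump's text format.

```python
import re
from collections import Counter

# Constructed tcpdump-style WAN capture (sample input, not a real capture).
# The SYN and data segment to 9.9.9.9:853 are DoT; the two port-53 queries
# to different servers are the "all over the place" resolver pattern.
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 203.0.113.5.51234 > 9.9.9.9.853: Flags [S], seq 1, win 65535, length 0
12:00:01.020000 IP 9.9.9.9.853 > 203.0.113.5.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.050000 IP 203.0.113.5.51234 > 9.9.9.9.853: Flags [P.], seq 2:300, ack 2, length 298
12:00:02.000000 IP 203.0.113.5.40001 > 198.51.100.7.53: 4711+ A? example.com. (29)
12:00:02.500000 IP 203.0.113.5.40002 > 192.0.2.44.53: 4712+ AAAA? example.net. (29)
"""

# Matches "IP <src>.<sport> > <dst>.<dport>:" in tcpdump's default output.
FLOW_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def parse_outbound(capture, wan_ip):
    """Yield (dst_ip, dst_port) for every packet sourced from the WAN address."""
    for line in capture.splitlines():
        m = FLOW_RE.search(line)
        if m and m.group(1) == wan_ip:
            yield m.group(3), int(m.group(4))


def audit_dns(capture, wan_ip, forwarder):
    """Summarise outbound DNS: DoT to the forwarder, DoT elsewhere, plaintext leaks."""
    dot_to_forwarder = 0
    dot_elsewhere = Counter()   # port 853 to a server we did not configure
    plaintext = Counter()       # port 53 destinations (resolver mode or bypass)
    for dst, port in parse_outbound(capture, wan_ip):
        if port == 853:
            if dst == forwarder:
                dot_to_forwarder += 1
            else:
                dot_elsewhere[dst] += 1
        elif port == 53:
            plaintext[dst] += 1
    return {
        "dot_to_forwarder": dot_to_forwarder,
        "dot_elsewhere": dict(dot_elsewhere),
        "plaintext_dns": dict(plaintext),
        # DoT is only confirmed when 853 traffic reaches the forwarder AND
        # nothing still leaves in the clear on 53 or to an unexpected server.
        "dot_only": dot_to_forwarder > 0 and not plaintext and not dot_elsewhere,
    }


if __name__ == "__main__":
    print(audit_dns(SAMPLE_CAPTURE, "203.0.113.5", "9.9.9.9"))
```

Several distinct port-53 destinations in `plaintext_dns` is the signature of a resolver querying authoritative servers directly rather than forwarding over TLS.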
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.