Netgate Discussion Forum
    DNS over TLS Failing with Quad9 using Unbound

    Category: DHCP and DNS

    Posted by datajunkie

      So I'm using 9.9.9.9 and I can telnet to the address when logged into the firewall and can also grab the certs using openssl. So it's not getting blocked anywhere to my knowledge. I didn't see anything in the firewall rules either.

      My configuration
      General Settings DNS Servers:

      • 9.9.9.9
      • 149.112.112.112

      I tried with Disable DNS Forwarder both on and off, and it had no effect on Unbound's inability to resolve an address over TLS.

      Unbound Configuration

      • Enable DNS Resolver: Checked
      • Respond to incoming SSL/TLS queries from local clients: Checked (this won't happen, but I turned it on)
      • SSL/TLS Certificate: webConfigurator
      • Network Interfaces: All
      • Outgoing Network Interfaces: WAN
      • System Domain Local Zone Type: Transparent
      • DNSSEC: Checked
      • DNS Query Forwarding: Checked
      • Use SSL/TLS for outgoing DNS Queries to Forwarding Servers: Checked (This breaks things)
      • DHCP Registration: Checked

      Custom options (not sure this is needed anymore with the UI setting):

      server:
          log-replies: yes                    # log every answer Unbound sends to a client

      # pfSense already generates a forward-zone for "." when "DNS Query Forwarding"
      # is checked, so this block declares the same zone a second time.
      forward-zone:
          name: "."                           # forward all queries to the listed servers
          forward-ssl-upstream: yes           # older spelling of forward-tls-upstream: talk TLS on port 853
          forward-addr: 9.9.9.9@853           # no "#dns.quad9.net" auth name, so the server certificate is not verified
          forward-addr: 149.112.112.112@853

      What should I be looking for to fix this issue?

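The post establishes that TCP/853 to 9.9.9.9 is reachable and that openssl can pull the certificate, but not whether a DNS query actually succeeds over that TLS session with the certificate checked against the Quad9 name. The following probe, added here as an example and not code from the post, pfSense or Unbound, does exactly that step: it builds a raw DNS query, frames it the way RFC 7858 requires (the same 2-byte length prefix as DNS over TCP), sends it through a TLS session that verifies the chain and hostname, and decodes the answer. The authentication name dns.quad9.net, the query name example.com, the transaction IDs and the use of the host's default CA store are assumptions; the response bytes in the test are constructed, not captured.

```python
"""DNS-over-TLS probe for isolating where a forward to Quad9 fails.

Added example, not from the forum post, pfSense or Unbound. Assumptions:
dns.quad9.net is the name the Quad9 certificate must match, and the
system CA store (ssl.create_default_context) is trusted for that check.
"""
import socket
import ssl
import struct

QUAD9_IPS = ("9.9.9.9", "149.112.112.112")
QUAD9_TLS_NAME = "dns.quad9.net"   # assumed auth name: sent as SNI and checked in the cert
DOT_PORT = 853


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a recursion-desired query (default qtype 1 = A) in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                      for label in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def frame(msg: bytes) -> bytes:
    """RFC 7858 reuses the DNS/TCP framing: 16-bit big-endian length, then the message."""
    return struct.pack("!H", len(msg)) + msg


def _read_name(data: bytes, off: int):
    """Decode a possibly compressed owner name; return (name, offset after it)."""
    parts, jumped, end = [], False, off
    while True:
        ln = data[off]
        if ln & 0xC0 == 0xC0:                     # compression pointer to earlier name
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if ln == 0:
            if not jumped:
                end = off
            break
        parts.append(data[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(parts), end


def parse_response(msg: bytes, expect_txid: int):
    """Return (rcode, [A/AAAA addresses]) from a raw DNS response; reject stray messages."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expect_txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):                           # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4                                  # qtype + qclass
    answers = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1:
            answers.append(socket.inet_ntop(socket.AF_INET, rdata))
        elif rtype == 28:
            answers.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return flags & 0x000F, answers


def _recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes; a short read means the peer closed mid-message."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf


def dot_query(server_ip: str, qname: str, tls_name: str = QUAD9_TLS_NAME, timeout: float = 5.0):
    """One authenticated DoT exchange. ssl.SSLError here means the cert/hostname check failed."""
    ctx = ssl.create_default_context()            # verifies the chain and the hostname
    txid = 0x4242
    with socket.create_connection((server_ip, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_name) as tls:
            tls.sendall(frame(build_query(qname, txid=txid)))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_response(_recv_exact(tls, length), txid)


if __name__ == "__main__":
    for ip in QUAD9_IPS:
        try:
            print(ip, dot_query(ip, "example.com"))
        except (OSError, ssl.SSLError, ValueError) as exc:
            print(ip, "FAILED:", exc)
```

Run from a shell on the firewall, each failure mode points at a different layer: a socket error means the path to 853 is filtered after all, an ssl.SSLError means the certificate chain or name does not validate with the bundle on the box, a ConnectionError or ValueError means TLS came up but the DNS exchange itself went wrong, and a clean (0, [...]) result means the network side is fine and the problem lies in how Unbound is configured to use it.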
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.