Still using 53 despite configuring 853

A Former User · Aug 31, 2018, 3:07 PM

I have DNS servers configured to be 1.1.1.1 and 1.0.0.1.
I also have DNS resolver enabled (listening on 53 on the LAN interface and All outgoing network interfaces). Custom options include the following:

local-data: "local.lan. 10800 IN SOA pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800"

server:
private-domain: "plex.direct"
include: /var/unbound/pfb_dnsbl.*conf
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 1.1.1.1@853
forward-addr: 1.0.0.1@853
forward-addr: 9.9.9.9@853
forward-addr: 149.112.112.112@853

I ran a packet capture and went to a few random sites. The results show google DNS servers being used on 53.

I restarted the dnsmasq service, flushed windows dns, and chrome dns.

I'm not sure what else to configure to ensure using DNS over TLS. Any help would be appreciated.

tman222 · Sep 3, 2018, 3:19 PM

Hi @surfshack66,

Can you please confirm that:

The DNS Forwarder (Services, DNS Forwarder) is disabled?
The DNS Resolver (Servers, DNS Resolver) is enabled and the "Enable Forwarding Mode" option is checked?

Hope this helps.

A Former User · Sep 7, 2018, 2:25 AM

@tman222 said in Still using 53 despite configuring 853:

Hi @surfshack66,

Can you please confirm that:

The DNS Forwarder (Services, DNS Forwarder) is disabled?

The DNS Resolver (Servers, DNS Resolver) is enabled and the "Enable Forwarding Mode" option is checked?

Hope this helps.

Hi @tman222 - Thanks for the help. Turns out I had a firewall rule restricting certain ports on the LAN and 853 was not included. Also, that rule wasn't flagged to log alerts, so I didn't catch it.