Still using 53 despite configuring 853



  • I have DNS servers configured to be 1.1.1.1 and 1.0.0.1.
    I also have DNS resolver enabled (listening on 53 on the LAN interface and All outgoing network interfaces). Custom options include the following:

    local-data: "local.lan. 10800 IN SOA pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800"

    server:
      private-domain: "plex.direct"
      include: /var/unbound/pfb_dnsbl.*conf
    forward-zone:
      name: "."
      forward-ssl-upstream: yes
      forward-addr: 1.1.1.1@853
      forward-addr: 1.0.0.1@853
      forward-addr: 9.9.9.9@853
      forward-addr: 149.112.112.112@853


    I ran a packet capture and went to a few random sites. The results show google DNS servers being used on 53.

    I restarted the dnsmasq service, flushed windows dns, and chrome dns.

    I'm not sure what else to configure to ensure using DNS over TLS. Any help would be appreciated.



  • Hi @surfshack66,

    Can you please confirm that:

    1. The DNS Forwarder (Services, DNS Forwarder) is disabled?
    2. The DNS Resolver (Servers, DNS Resolver) is enabled and the "Enable Forwarding Mode" option is checked?

    Hope this helps.



  • @tman222 said in Still using 53 despite configuring 853:

    Hi @surfshack66,

    Can you please confirm that:

    1. The DNS Forwarder (Services, DNS Forwarder) is disabled?
    2. The DNS Resolver (Servers, DNS Resolver) is enabled and the "Enable Forwarding Mode" option is checked?

    Hope this helps.

    Hi @tman222 - Thanks for the help. Turns out I had a firewall rule restricting certain ports on the LAN and 853 was not included. Also, that rule wasn't flagged to log alerts, so I didn't catch it.
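The packet-capture check the original poster describes can be automated: the script below is an added example (not from this thread or from pfSense) that reads tcpdump text lines and flags any DNS that leaves in plaintext on port 53 instead of the DoT forwarders on 853. The LAN subnet, resolver address and WAN address are constructed assumptions, as are the sample capture lines.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed assumptions for the example (not values from the thread).
LAN_NET = ip_network("192.168.1.0/24")    # LAN behind the firewall
RESOLVER_IP = ip_address("192.168.1.1")   # LAN address of the Unbound resolver
WAN_IP = ip_address("203.0.113.5")        # firewall WAN address (documentation range)

# Matches the "IP src.port > dst.port:" part of a tcpdump text line (IPv4 only).
_FLOW = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+):")


def classify(line):
    """Return a verdict for one tcpdump line, or None if it is not DNS or DoT."""
    m = _FLOW.search(line)
    if not m:
        return None
    src, sport, dst, dport = ip_address(m[1]), int(m[2]), ip_address(m[3]), int(m[4])
    if dport not in (53, 853):
        return None
    if src in LAN_NET and dst == RESOLVER_IP and dport == 53:
        return "ok: LAN client -> local resolver"
    if src == WAN_IP and dport == 853:
        return "ok: resolver -> upstream over DoT"
    if src == WAN_IP and dport == 53:
        return "LEAK: resolver forwarding in plaintext on 53"
    if src in LAN_NET and dport == 53:
        return "BYPASS: LAN client querying external DNS directly on 53"
    return "unexpected DNS flow"


def leaks(lines):
    """Return (line, verdict) pairs for every flow that is not an expected one."""
    findings = []
    for line in lines:
        verdict = classify(line)
        if verdict and not verdict.startswith("ok"):
            findings.append((line, verdict))
    return findings


# Constructed sample capture lines; addresses and ports are illustrative only.
SAMPLE = [
    "10:00:01.000001 IP 192.168.1.10.51234 > 192.168.1.1.53: 1+ A? example.com. (29)",
    "10:00:01.000200 IP 203.0.113.5.40001 > 1.1.1.1.853: Flags [S], seq 1, length 0",
    "10:00:01.000300 IP 203.0.113.5.40002 > 8.8.8.8.53: 2+ A? example.com. (29)",
    "10:00:02.000000 IP 192.168.1.20.51300 > 8.8.4.4.53: 3+ AAAA? example.org. (30)",
    "10:00:03.000000 IP 192.168.1.10.52000 > 93.184.216.34.443: Flags [S], length 0",
]

if __name__ == "__main__":
    for line, verdict in leaks(SAMPLE):
        print(verdict, "<-", line)
```

Feed it a real capture with `tcpdump -nn -l -i <interface> port 53 or port 853 | python3 check.py` style piping, or a saved text dump; a LEAK from the WAN address means the forwarders are not actually being reached over TLS.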