4. DNS over TLS - 2.4.3 to 2.4.4

DNS over TLS - 2.4.3 to 2.4.4

  • S

    Hi,

    I just updated my pfsense from 2.4.3 to 2.4.4.

    pfblockerng configured with custom dns resolver config as the following:

    ssl-upstream: yes
    do-tcp: yes
    forward-zone:
    name: "."
    # Below 4 addresses are Cloudflare DNS
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
    forward-addr: 2606:4700:4700::1111@853
    forward-addr: 2606:4700:4700::1001@853
    server:include: /var/unbound/pfb_dnsbl.*conf

    Now with the 2.4.4 version, i believe the options are now GUI based. Can i remove all the above custom config and have the following in the GUI selected:

    Respond to incoming SSL/TLS queries from local clients
    Enable Forwarding Mode
    Use SSL/TLS for outgoing DNS Queries to Forwarding Servers

    Will pfblockerng still work?

    thanks in advanced.

    0
  • Rebel Alliance Developer Netgate

    As long as you set the same DNS servers under System > General, then those options will be fine. You do not need to have the "respond to incoming SSL/TLS queries from local clients" option set unless you want it. That lets unbound work as an SSL/TLS Server, the outgoing query option is to act as an SSL/TLS Client which is what you had before.

    pfBlockerNG should be unaffected.

    2
  • S

    thanks for the response.

    do i need to keep anything in the custom options field then? i presume no.

    0
  • Rebel Alliance Developer Netgate

    No, you do not.

    1
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy