DNS over TLS - 2.4.3 to 2.4.4



  • Hi,

I just updated my pfSense from 2.4.3 to 2.4.4.

    pfBlockerNG is configured with a custom DNS Resolver config as follows:

    ssl-upstream: yes
    do-tcp: yes
    forward-zone:
      name: "."
      # Below 4 addresses are Cloudflare DNS
      forward-addr: 1.1.1.1@853
      forward-addr: 1.0.0.1@853
      forward-addr: 2606:4700:4700::1111@853
      forward-addr: 2606:4700:4700::1001@853
    server:include: /var/unbound/pfb_dnsbl.*conf

Now with the 2.4.4 version, I believe the options are GUI based. Can I remove all of the above custom config and have the following selected in the GUI:

    Respond to incoming SSL/TLS queries from local clients
    Enable Forwarding Mode
    Use SSL/TLS for outgoing DNS Queries to Forwarding Servers

Will pfBlockerNG still work?

    Thanks in advance.


  • Rebel Alliance Developer Netgate

As long as you set the same DNS servers under System > General, those options will be fine. You do not need to have the "Respond to incoming SSL/TLS queries from local clients" option set unless you want it. That lets unbound work as an SSL/TLS server; the outgoing query option makes it act as an SSL/TLS client, which is what you had before.

    pfBlockerNG should be unaffected.
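The outgoing-query option described above makes unbound a TLS client toward the forwarders on TCP/853. The script below is an added example, not code from this thread, from pfSense or from unbound; it does the same thing from any host with Python 3 so you can confirm an upstream really answers over TLS with a certificate that validates. It builds a query in DNS wire format, sends it with the two-byte length prefix that DNS over TCP/TLS uses, and parses the answer. The server 1.1.1.1 and the authentication name cloudflare-dns.com are assumed values matching the Cloudflare addresses in the posted config. One caveat grounded in that config: it sets ssl-upstream but no tls-cert-bundle and no authentication name on the forward-addr lines, so unbound there encrypts the session but does not verify who it is talking to, whereas the default SSL context used here does.

```python
"""Minimal DNS-over-TLS client used to check a forwarder such as 1.1.1.1:853.

Added example for this thread; not pfSense, pfBlockerNG or unbound code.
The server and auth-name values are assumptions, not taken from the thread.
"""
import socket
import ssl
import struct

TXID = 0x1234  # fixed transaction id; a real resolver would randomise it


def build_query(name, qtype=1, txid=TXID):
    """Encode one DNS question (RFC 1035 wire format) with the RD flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_response(msg):
    """Return (txid, rcode, [A/AAAA addresses]) from a DNS response message."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x0F
    off = 12
    for _ in range(qdcount):          # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4                      # qtype + qclass
    answers = []
    for _ in range(ancount):
        _, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntop(socket.AF_INET, rdata))
        elif rtype == 28 and rdlen == 16:
            answers.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return txid, rcode, answers


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed the TLS stream early")
        buf += chunk
    return buf


def dot_query(server, auth_name, name, qtype=1, timeout=5.0):
    """Send one query to server:853 over TLS, verifying the chain and auth_name."""
    ctx = ssl.create_default_context()          # CA bundle + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    query = build_query(name, qtype)
    with socket.create_connection((server, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(struct.pack("!H", len(query)) + query)  # RFC 7858 framing
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            msg = _recv_exact(tls, length)
    txid, rcode, answers = parse_response(msg)
    if txid != TXID:
        raise ValueError("transaction id mismatch: %#x" % txid)
    return rcode, answers


if __name__ == "__main__":
    # Assumed upstream and auth name; a failed verification raises ssl.SSLError.
    print(dot_query("1.1.1.1", "cloudflare-dns.com", "example.com"))
```

Run it on the firewall or any client behind it: an rcode of 0 with addresses shows the forwarder answered over TLS, an ssl.SSLError shows the certificate did not verify for the given name, and a timeout usually means port 853 is blocked on the path.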



Thanks for the response.

    Do I need to keep anything in the custom options field, then? I presume not.


  • Rebel Alliance Developer Netgate

    No, you do not.