DNS over TLS - 2.4.3 to 2.4.4
-
Hi,
I just updated my pfSense from 2.4.3 to 2.4.4.
pfBlockerNG is configured with the following custom DNS resolver config:
ssl-upstream: yes
do-tcp: yes
forward-zone:
name: "."
# Below 4 addresses are Cloudflare DNS
forward-addr: 1.1.1.1@853
forward-addr: 1.0.0.1@853
forward-addr: 2606:4700:4700::1111@853
forward-addr: 2606:4700:4700::1001@853
server:include: /var/unbound/pfb_dnsbl.*conf
Now with the 2.4.4 version, I believe the options are now GUI based. Can I remove all the above custom config and have the following selected in the GUI:
Respond to incoming SSL/TLS queries from local clients
Enable Forwarding Mode
Use SSL/TLS for outgoing DNS Queries to Forwarding Servers
Will pfBlockerNG still work?
Thanks in advance.
-
As long as you set the same DNS servers under System > General, then those options will be fine. You do not need to have the "respond to incoming SSL/TLS queries from local clients" option set unless you want it. That lets unbound work as an SSL/TLS Server; the outgoing query option is to act as an SSL/TLS Client, which is what you had before.
pfBlockerNG should be unaffected.
-
Thanks for the response.
Do I need to keep anything in the custom options field then? I presume no.
-
No, you do not.
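
Added example, not part of any post in this thread: a small Python check that an unbound forwarding fragment, such as the custom options quoted in the first post, sends every upstream query to port 853 with a TLS upstream option enabled. The function names are hypothetical; the sample text is reconstructed from the post, and the `#auth-name` finding relies on unbound's documented `forward-addr: ip@port#name` syntax.

```python
# Added example: audit an unbound forward-zone fragment for DNS over TLS.
TLS_OPTIONS = {"ssl-upstream", "tls-upstream",
               "forward-ssl-upstream", "forward-tls-upstream"}

# Constructed sample: the custom options quoted in the first post.
SAMPLE = """\
ssl-upstream: yes
do-tcp: yes
forward-zone:
name: "."
# Below 4 addresses are Cloudflare DNS
forward-addr: 1.1.1.1@853
forward-addr: 1.0.0.1@853
forward-addr: 2606:4700:4700::1111@853
forward-addr: 2606:4700:4700::1001@853
server:include: /var/unbound/pfb_dnsbl.*conf
"""

def parse_forward_addr(value):
    """Split 'ip[@port][#auth-name]' into (ip, port or None, name or None)."""
    value, _, name = value.partition("#")
    ip, _, port = value.partition("@")
    return ip, int(port) if port else None, name or None

def audit(text):
    """Return (forwarders, findings) for one unbound config fragment."""
    tls_on, forwarders, findings = False, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank line, comment, or not a key: value pair
        key, _, value = line.partition(":")  # first colon only, so IPv6 survives
        key, value = key.strip(), value.strip().strip('"')
        if key in TLS_OPTIONS and value == "yes":
            tls_on = True
        elif key == "forward-addr":
            forwarders.append(parse_forward_addr(value))
    if not tls_on:
        findings.append("no TLS upstream option set to yes")
    for ip, port, name in forwarders:
        if port != 853:
            findings.append(f"{ip}: port is {port or 'unset'}, not 853")
        if name is None:
            findings.append(f"{ip}: no #auth-name, certificate name is not checked")
    return forwarders, findings

if __name__ == "__main__":
    fwd, issues = audit(SAMPLE)
    for item in [*fwd, *issues]:
        print(item)
```

After moving to the GUI options, the same check can be pointed at the resolver's generated configuration to confirm the forwarders still use port 853.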