DNS-TLS using Quad 9 (Noob question)



  • I just upgraded my pfSense and turned on DNS-SSL/TLS. I enabled port 853 and 53 in my VLAN rules allowing access to the VLAN address (followed by a block all other access to 853 and 53).

    Below is what I am trying to do (thanks occamrazor for the help):
    https://forum.netgate.com/topic/135899/dns-ssl-tls-pfblockerng-develop-vlans-quad9

    I was playing around and removed port 53 from my rules in an attempt to try to force all DNS traffic with SSL/TLS through Quad9 (which does support DNS-SSL/TLS).

    While I didn't test many sites, I noticed I was only able to navigate to Google with 853 enabled only. Despite the fact I am using Quad9, which does support DNS-SSL/TLS, does the actual website itself need to support DNS-SSL/TLS?

    In other words do I need to allow port 53 and 853 to effectively make this functional?

    I know this feature is new but wanted to ask...

    Thx
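An added example (not part of the forum post or of pfSense/Unbound) showing what actually travels over port 853 when a forwarding resolver talks to Quad9: an ordinary DNS wire-format query, framed with a 2-byte length prefix as DNS over TCP requires, carried inside a TLS session to the resolver. The TLS endpoint is the resolver (Quad9's published DoT service at 9.9.9.9 with certificate name dns.quad9.net), so the website being looked up is never a party to that session. The name `www.example.test`, the response bytes in `SAMPLE_RESPONSE` and the address 192.0.2.10 are constructed for this demonstration; `resolve_over_tls` performs a real network lookup and is only called if you run the script with a name on the command line.

```python
import socket
import ssl
import struct
import sys


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a minimal RFC 1035 query for `name` (type A by default, class IN, RD set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP and DoT (RFC 7858) prefix every message with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def parse_name(msg: bytes, offset: int):
    """Decode a (possibly compressed) domain name; return (name, offset just past it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                        # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_a_records(msg: bytes):
    """Return (txid, rcode, [(name, ttl, ipv4), ...]) from a DNS response message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):                                  # skip the echoed question section
        _, offset = parse_name(msg, offset)
        offset += 4                                      # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = parse_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return txid, rcode, answers


def resolve_over_tls(name: str, server: str = "9.9.9.9", sni: str = "dns.quad9.net",
                     port: int = 853, timeout: float = 5.0):
    """Live DoT lookup: TLS to the resolver on 853 (chain and hostname verified), framed query/reply."""
    ctx = ssl.create_default_context()
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            tls.sendall(frame_for_tcp(build_query(name)))
            (length,) = struct.unpack("!H", tls.recv(2))
            body = b""
            while len(body) < length:
                chunk = tls.recv(length - len(body))
                if not chunk:
                    raise ConnectionError("truncated DNS-over-TLS response")
                body += chunk
    return parse_a_records(body)


# Constructed sample reply (not captured from Quad9): NOERROR, one A record, name compressed to the question.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x03www\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(resolve_over_tls(sys.argv[1]))             # real lookup via Quad9 on 853
    else:
        print(parse_a_records(SAMPLE_RESPONSE))          # offline: decode the constructed reply
```

The bytes in `SAMPLE_RESPONSE` are exactly what the resolver returns whether the transport is plain UDP/53 or TLS/853; only the transport around them changes, and that transport terminates at the resolver, not at the web server the record points to. Note also that a client on the VLAN still sends its own queries on port 53 to the forwarding resolver (pfSense); the 853 session is the hop from that resolver onward.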