How to configure DNS over TLS in 2.4.4?
-
I've read the Netgate blog post regarding enabling this feature in 2.4.3. At the end of the post it states that custom options will not be necessary in 2.4.4. Not exactly sure what is necessary though.
I entered the Cloudflare and Quad9 servers in DNS Server settings.
I'm a little vague on what to check in the DNS Resolver settings, though.
-
If you want the firewall itself to only use the DNS servers that you specify in System > General, then you'll want to uncheck the "Allow DNS server list to be overridden by DHCP/PPP on WAN" option.
For DNS over TLS, you need to put unbound into forwarding mode. Check the "Enable Forwarding Mode" and "Use SSL/TLS for outgoing DNS Queries to Forwarding Servers" options. 2.4.3 didn't have that latter check box, and instead you needed to add custom options for DNS over TLS, so that's what the post you mention was referring to.
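Once the two boxes above are ticked it is worth confirming from a client that a forwarding server really answers over TLS on port 853 with a certificate that validates for its published name. The script below is an added example (not from this thread, the Netgate post, or pfSense itself): a minimal DNS-over-TLS client per RFC 7858, i.e. a normal DNS message with a 2-byte length prefix sent through a verified TLS session. The query/response bytes used for the offline check are constructed by the script; the TLS names `cloudflare-dns.com` and `dns.quad9.net` are the names those two services publish for their DoT endpoints, and the IPs in the sample response are arbitrary test values.

```python
"""Minimal DNS-over-TLS (RFC 7858) client, written as a worked example.

The sample query/response bytes produced below are constructed here for
offline use; they are not captured from pfSense or from a real resolver.
"""
import socket
import ssl
import struct


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a standard DNS query (QTYPE A=1 by default) with RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode() for lb in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def frame(msg: bytes) -> bytes:
    """TCP/TLS transport framing: 2-byte big-endian length prefix (RFC 1035/7858)."""
    return struct.pack("!H", len(msg)) + msg


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer, 2 bytes
            return off + 2
        off += 1 + length


def parse_a_records(msg: bytes, txid: int):
    """Return the IPv4 strings in the answer section; reject bad txid or RCODE."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE/QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def build_response(query: bytes, addrs, ttl: int = 300) -> bytes:
    """Constructed response for offline testing: echo the question, add A records."""
    txid = struct.unpack("!H", query[:2])[0]
    qend = _skip_name(query, 12) + 4
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    answers = b""
    for a in addrs:
        # 0xC00C = pointer to the QNAME at offset 12
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
        answers += bytes(int(x) for x in a.split("."))
    return header + query[12:qend] + answers


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed by server")
        buf += chunk
    return buf


def resolve_over_tls(name: str, server_ip: str, server_name: str,
                     port: int = 853, timeout: float = 5.0):
    """Live DoT lookup. server_name is the name in the resolver's certificate
    (e.g. cloudflare-dns.com, dns.quad9.net); chain and hostname verification
    stay enabled, so a MITM or a plain-DNS-only server makes this fail."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    txid = 0x4242
    q = build_query(name, txid=txid)
    with socket.create_connection((server_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame(q))
            length = struct.unpack("!H", _recv_exact(tls, 2))[0]
            resp = _recv_exact(tls, length)
    return parse_a_records(resp, txid)


if __name__ == "__main__":
    # Requires network access; assumes the upstreams from the thread.
    print(resolve_over_tls("example.com", "1.1.1.1", "cloudflare-dns.com"))
    print(resolve_over_tls("example.com", "9.9.9.9", "dns.quad9.net"))
```

If the live call raises an `ssl.SSLCertVerificationError`, something between the client and the upstream is terminating TLS with a different certificate, which is exactly the case the "Use SSL/TLS for outgoing DNS Queries" option is meant to catch; a plain timeout usually means port 853 is blocked upstream.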
-
@thenarc said in How to configure DNS over TLS in 2.4.4?:
For DNS over TLS, you need to put unbound into forwarding mode.
In the blog post it's specifically mentioned that forwarding mode "must be disabled".
-
That's only because in the blog post, which applies to 2.4.3, you put it into forwarding mode using custom options.
-
@thenarc
Thanks for the info.