SG-1000 - Send DNS queries over TLS

  • Hello,
    A while ago (I was not on 2.4.4 yet), on advice received on this forum, I did the following on my SG-1000 configuration:

    Since I want to use DNS over TLS as supplied by Cloudflare ( or Quad9 (

    System / General Setup DNS Server setting

    DNS Servers WAN_DHCP - wan WAN_DHCP - wan WAN_DHCP - wan WAN_DHCP - wan

    Untick Allow DNS server list to be overridden by DHCP/PPP on WAN
    (Airties or Zyxel will not prevail)

    Untick Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall

    Then, I want the DNS resolver to send DNS queries over TLS

    Services > DNS Resolver General Settings Custom options

    name: "."
    forward-ssl-upstream: yes


    While doing that, I had noted that: "This will become a GUI option in pfSense 2.4.4. At that time, custom option can be removed."

    This works, but I am now using 2.4.4, so I want to remove the above custom setting in order to keep my configuration as simple and understandable as it can be.

    Can I now remove my custom setting?

    What GUI option, if any, should I tick or untick in order to replace my custom setting?


  • Rebel Alliance Developer Netgate

    • Go to System > General
    • Make sure the DNS server entries are set to,, and
    • Go to Services > DNS Resolver
    • Check Enable Forwarding Mode and Use SSL/TLS for outgoing DNS Queries to Forwarding Servers
    • Remove your custom options
    • Save
    • Apply changes

  • Thanks Jimp.
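A check for the outcome of the steps in this thread, as an added example that is not part of the original posts or of pfSense itself: it reads Unbound configuration text and reports whether forwarding for "." uses TLS and addresses every forwarder on port 853. The function names and the sample config are assumptions, and the 192.0.2.x addresses are documentation placeholders, not the servers named in the thread.

```python
import re

# Unbound accepts both spellings; forward-ssl-upstream is the older one used in the thread.
TLS_KEYS = {"forward-tls-upstream", "forward-ssl-upstream"}

def parse_forward_zones(conf_text):
    """Return one dict per forward-zone clause: name, TLS flag, forward-addr list."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        # A '#' starts a comment only at line start or after whitespace,
        # so 'addr@853#authname' values are preserved.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:  # clause header such as "server:" or "forward-zone:"
            current = None
            if key == "forward-zone":
                current = {"name": None, "tls": False, "addrs": []}
                zones.append(current)
        elif current is not None:
            if key == "name":
                current["name"] = value
            elif key in TLS_KEYS:
                current["tls"] = value == "yes"
            elif key == "forward-addr":
                current["addrs"].append(value)
    return zones

def audit_dot_forwarding(conf_text):
    """Return a list of findings; an empty list means "." is forwarded over TLS on 853."""
    root = [z for z in parse_forward_zones(conf_text) if z["name"] == "."]
    if not root:
        return ['no forward-zone for "." (forwarding mode is not enabled)']
    findings = []
    for zone in root:
        if not zone["tls"]:
            findings.append('forward-zone "." does not enable TLS upstream')
        for addr in zone["addrs"]:
            port = re.search(r"@(\d+)", addr)
            if port is None or port.group(1) != "853":
                findings.append(f"{addr}: not addressed to port 853")
    return findings

# Constructed sample: TLS flag missing and one forwarder left on plain DNS.
SAMPLE = """
forward-zone:
    name: "."
    forward-addr: 192.0.2.1      # placeholder address, no port given
    forward-addr: 192.0.2.2@853
"""
print(audit_dot_forwarding(SAMPLE))
```

An empty result only shows that the configuration asks for TLS on port 853; it does not prove that queries on the wire are encrypted or that the upstream certificate is verified.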
