SG-1000 - Send DNS queries over TLS



  • Hello,
    A while ago (I was not on 2.4.4 yet), on advice received on this forum, I did the following on my SG-1000 configuration:

    <quote>
    Since I want to use DNS over TLS as supplied by Cloudflare (1.1.1.1) or Quad9 (9.9.9.9)

    System / General Setup DNS Server setting

    DNS Servers:
      1.1.1.1          gateway: WAN_DHCP - wan 192.168.0.1
      1.0.0.1          gateway: WAN_DHCP - wan 192.168.0.1
      9.9.9.9          gateway: WAN_DHCP - wan 192.168.0.1
      149.112.112.112  gateway: WAN_DHCP - wan 192.168.0.1

    Untick Allow DNS server list to be overridden by DHCP/PPP on WAN
    (Airties or Zyxel will not prevail)

    Untick Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall

    Then, I want the DNS resolver to send DNS queries over TLS

    Services > DNS Resolver General Settings Custom options

    server:
    forward-zone:
        name: "."
        forward-ssl-upstream: yes
        forward-addr: 1.1.1.1@853
        forward-addr: 1.0.0.1@853
        forward-addr: 9.9.9.9@853
        forward-addr: 149.112.112.112@853

    </unquote>

    While doing that, I had noted that: "This will become a GUI option in pfSense 2.4.4. At that time, custom option can be removed."

    This works, but I am now using 2.4.4, so I want to remove the above custom setting in order to keep my configuration as simple and understandable as it can be.

    Can I now remove my custom setting?

    What GUI option, if any, should I tick or untick in order to replace my custom setting?

    TIA


  • Rebel Alliance Developer Netgate

    • Go to System > General
    • Make sure the DNS server entries are set to 1.1.1.1, 1.0.0.1, 9.9.9.9 and 149.112.112.112.
    • Go to Services > DNS Resolver
    • Check Enable Forwarding Mode and Use SSL/TLS for outgoing DNS Queries to Forwarding Servers
    • Remove your custom options
    • Save
    • Apply changes
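
    A way to confirm the result of those steps, as an added example that is not part of this thread and not pfSense's own code: a small POSIX shell/awk check that reads an unbound.conf and exits 0 only if there is exactly one forward-zone for "." with forward-ssl-upstream (or forward-tls-upstream) set to yes and every forward-addr on port 853. It assumes pfSense writes the generated resolver config to /var/unbound/unbound.conf and that the 2.4.4 GUI option emits the same shape of forward-zone as the custom options quoted above; the three sample configs in the block are constructed for illustration, not taken from a real firewall.

```shell
#!/bin/sh
# Added example, not from the thread or from pfSense: verify that an unbound.conf
# forwards the root zone over DNS-over-TLS, so the GUI-generated config can be
# checked after the custom options block is removed.
#
# Assumptions: pfSense stores the generated config at /var/unbound/unbound.conf,
# and the GUI option produces a forward-zone "." with forward-ssl-upstream and
# forwarders on port 853 (the same shape as the custom options in the thread).

# check_dot_forwarding [unbound.conf]
# Reads the file (or stdin) and exits 0 only if exactly one forward-zone for "."
# exists, it has forward-(ssl|tls)-upstream: yes, and all forwarders use @853.
# Reasons for failure go to stderr.
check_dot_forwarding() {
    awk '
    function finish() {
        if (!inzone) return
        inzone = 0
        if (name != ".") return      # only the root forward-zone matters here
        seen++
        if (ssl != "yes") { print "root forward-zone lacks forward-ssl-upstream: yes" > "/dev/stderr"; bad = 1 }
        if (n == 0)       { print "root forward-zone has no forward-addr" > "/dev/stderr"; bad = 1 }
        if (plain > 0)    { print plain " forwarder(s) not on port 853 (plaintext DNS)" > "/dev/stderr"; bad = 1 }
    }
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }      # skip comments and blank lines
    /^[[:space:]]*forward-zone:/ { finish(); inzone = 1; name = ""; ssl = ""; n = 0; plain = 0; next }
    /^[[:space:]]*(server|stub-zone|auth-zone|remote-control|view|python|dnstap|cachedb|rpz):/ { finish(); next }
    inzone && /^[[:space:]]*name:/ { name = $2; gsub(/"/, "", name) }
    inzone && /^[[:space:]]*forward-(ssl|tls)-upstream:/ { ssl = $2 }
    inzone && /^[[:space:]]*forward-addr:/ {
        n++
        # accept 1.1.1.1@853 and the newer 1.1.1.1@853#hostname form
        if ($2 !~ /@853$/ && $2 !~ /@853#/) plain++
    }
    END {
        finish()
        if (seen == 0) { print "no forward-zone for \".\" found" > "/dev/stderr"; bad = 1 }
        if (seen > 1)  { print "more than one forward-zone for \".\" (custom options still present?)" > "/dev/stderr"; bad = 1 }
        if (bad) exit 1
        exit 0
    }
    ' "$@"
}

# Constructed sample inputs (not captured from a real firewall).
# 1) What the custom options above produce (and, by assumption, the GUI option):
GOOD_CONF='server:
forward-zone:
        name: "."
        forward-ssl-upstream: yes
        forward-addr: 1.1.1.1@853
        forward-addr: 1.0.0.1@853
        forward-addr: 9.9.9.9@853
        forward-addr: 149.112.112.112@853
'
# 2) TLS enabled, but one forwarder left on the default port 53, to which
#    unbound would still try to speak TLS:
BAD_CONF='server:
forward-zone:
        name: "."
        forward-ssl-upstream: yes
        forward-addr: 1.1.1.1
        forward-addr: 9.9.9.9@853
'
# 3) GUI-generated block followed by an old custom block that was not removed:
DUP_CONF="$GOOD_CONF
# Unbound custom options
server:
forward-zone:
name: \".\"
forward-ssl-upstream: yes
forward-addr: 1.1.1.1@853
"

# report LABEL CONF: run the check on an inline config and print the verdict
report() {
    if printf '%s' "$2" | check_dot_forwarding; then
        echo "$1: OK (root zone forwarded over TLS on port 853)"
    else
        echo "$1: NOT OK"
    fi
}

report GOOD "$GOOD_CONF"
report BAD  "$BAD_CONF"
report DUP  "$DUP_CONF"

# On the firewall itself:
#   check_dot_forwarding /var/unbound/unbound.conf && echo "DoT forwarding in effect"
```

    This only inspects the configuration; to confirm on the wire, watch the WAN interface for outbound port 853 traffic and the absence of port 53 queries from the firewall.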


  • Thanks Jimp.