SG-1000 - Send DNS queries over TLS
- 
 Hello, 
 A while ago (I was not on 2.4.4 yet), on advice received on this forum, I did the following on my SG-1000 configuration:

 <quote>
 Since I want to use DNS over TLS as supplied by Cloudflare (1.1.1.1) or Quad9 (9.9.9.9)

 System / General Setup
 DNS Server setting
 DNS Servers
 1.1.1.1 WAN_DHCP - wan 192.168.0.1
 1.0.0.1 WAN_DHCP - wan 192.168.0.1
 9.9.9.9 WAN_DHCP - wan 192.168.0.1
 149.112.112.112 WAN_DHCP - wan 192.168.0.1

 Untick Allow DNS server list to be overridden by DHCP/PPP on WAN
 (Airties or Zyxel will not prevail)

 Untick Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall

 Then, I want the DNS resolver to send DNS queries over TLS

 Services > DNS Resolver
 General Settings
 Custom options

     server:
     forward-zone:
     name: "."
     forward-ssl-upstream: yes
     forward-addr: 1.1.1.1@853
     forward-addr: 1.0.0.1@853
     forward-addr: 9.9.9.9@853
     forward-addr: 149.112.112.112@853
 </unquote>

 While doing that, I had noted that: "This will become a GUI option in pfSense 2.4.4. At that time, custom option can be removed."

 This works, but I am now using 2.4.4, so I want to remove the above custom setting in order to keep my configuration as simple and understandable as it can be.

 Can I now remove my custom setting? What GUI option, if any, should I tick or untick in order to replace my custom setting?

 TIA
- 
- Go to System > General
- Make sure the DNS server entries are set to 1.1.1.1, 1.0.0.1, 9.9.9.9 and 149.112.112.112.
- Go to Services > DNS Resolver
- Check Enable Forwarding Mode and Use SSL/TLS for outgoing DNS Queries to Forwarding Servers
- Remove your custom options
- Save
- Apply changes
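
An added example, not part of the original posts and not pfSense or Unbound code: the custom options in the question enable TLS but give each forward-addr without an auth name, so Unbound encrypts the queries without checking which certificate name the upstream presents. The sketch below audits such a snippet for that gap; the `audit` helper, the auth names and the bundle path in the second sample are assumptions.

```python
import re

# Constructed inputs: THREAD_CONF mirrors the custom options in the post;
# PINNED_CONF is an assumed variant (auth names and bundle path are assumptions).
THREAD_CONF = """server:
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 1.1.1.1@853
forward-addr: 9.9.9.9@853
"""
PINNED_CONF = """server:
tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
"""
# forward-addr value: IP, optional @port, optional #auth-name
ADDR = re.compile(r"^([0-9A-Fa-f.:]+)(?:@(\d+))?(?:#(\S+))?$")
TRUST = {"tls-cert-bundle", "tls-win-cert", "tls-system-cert"}

def audit(conf):
    """Return findings on how a forward-zone protects its upstream queries."""
    opts = []
    for raw in conf.splitlines():
        key, sep, val = raw.strip().partition(":")
        if sep and not key.startswith("#"):
            opts.append((key.strip(), val.strip().strip('"')))
    # forward-ssl-upstream is the older spelling of forward-tls-upstream
    tls = any(k in ("forward-tls-upstream", "forward-ssl-upstream") and v == "yes"
              for k, v in opts)
    findings = [] if tls else ["forward-zone does not enable TLS upstream"]
    addrs = [m.groups() for k, v in opts
             if k == "forward-addr" and (m := ADDR.match(v))]
    for ip, _port, name in addrs:
        if tls and not name:
            findings.append(f"{ip}: no auth name, any certificate name is accepted")
    # An auth name is only checked against a loaded CA trust source.
    if any(n for _, _, n in addrs) and not any(k in TRUST for k, _ in opts):
        findings.append("auth names set, but no CA bundle option to verify them")
    return findings

if __name__ == "__main__":
    for label, conf in (("thread", THREAD_CONF), ("pinned", PINNED_CONF)):
        print(label, audit(conf) or "no findings")
```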
 
- 
 Thanks Jimp. 

