DNS Resolver DNSCrypt with OpenDNS Configuration



  • BACKGROUND

    I've been trying to get DNS over TLS to work with OpenDNS, and wanted someone to confirm my configuration.

    • OpenDNS supports DNSCrypt via ports 53, 5353, and 443
    • Already have OpenDNS servers configured under General Settings and disabled ISP override
    • DNS Resolver running.
    • Enabled SSL/TLS for outgoing DNS Queries to Forwarding Servers
    • Added the following custom settings to force use of 443 vs default 853
    forward-zone:
        name: "." 
        forward-addr: 208.67.222.222@443
        forward-addr: 208.67.220.220@443
    
    • Confirmed with packet capture WAN side DNS queries to OpenDNS are over port 443

    QUESTION

    Do I have it configured correctly?



  • UPDATE

    Apparently OpenDNS is using a different encryption library.

    https://www.opendns.com/about/innovations/dnscrypt/
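
A port number seen in a capture does not identify the protocol carried on it. The following added example (not part of the original posts) classifies the first bytes of a captured payload as a TLS record, a DNSCrypt response, or unencrypted DNS over TCP; the function names are illustrative and the sample payloads are constructed.

```python
import struct

# Fixed 8-byte prefix of every DNSCrypt response ("r6fnvWj8"), per the DNSCrypt v2 spec.
DNSCRYPT_RESOLVER_MAGIC = bytes.fromhex("7236666e76576a38")

def looks_like_tls_record(payload: bytes) -> bool:
    """TLS record header: content type, version 3.x, 16-bit length."""
    if len(payload) < 5:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    # 20=change_cipher_spec, 21=alert, 22=handshake, 23=application_data
    return ctype in (20, 21, 22, 23) and major == 3 and minor <= 4 and length <= 16384 + 2048

def looks_like_dnscrypt_response(payload: bytes) -> bool:
    """Resolver magic at offset 0 (UDP) or after a 2-byte TCP length prefix."""
    return DNSCRYPT_RESOLVER_MAGIC in (payload[:8], payload[2:10])

def looks_like_plain_dns_tcp(payload: bytes) -> bool:
    """Unencrypted DNS over TCP: 2-byte length prefix, then a sane DNS header."""
    if len(payload) < 14:
        return False
    msg_len, _id, flags, qdcount = struct.unpack("!HHHH", payload[:8])
    opcode = (flags >> 11) & 0xF
    reserved = (flags >> 6) & 0x1  # Z bit, must be zero
    return msg_len == len(payload) - 2 and opcode <= 5 and reserved == 0 and qdcount == 1

def classify(payload: bytes) -> str:
    if looks_like_tls_record(payload):
        return "tls"
    if looks_like_dnscrypt_response(payload):
        return "dnscrypt-response"
    if looks_like_plain_dns_tcp(payload):
        return "plain-dns-tcp"
    return "unknown"

# Constructed sample payloads (not taken from any real capture).
TLS_CLIENT_HELLO = bytes.fromhex("160301002e") + bytes(46)
_dns_query = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
              + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
PLAIN_DNS_TCP = struct.pack("!H", len(_dns_query)) + _dns_query
DNSCRYPT_REPLY = DNSCRYPT_RESOLVER_MAGIC + bytes(range(24)) + bytes(64)

if __name__ == "__main__":
    for name, data in [("tls", TLS_CLIENT_HELLO), ("dns", PLAIN_DNS_TCP),
                       ("dnscrypt", DNSCRYPT_REPLY)]:
        print(name, "->", classify(data))
```

The checks are heuristics over the first bytes of a single TCP segment or UDP datagram, so feed them the payload of the first data packet in each direction.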

