DNS over TLS issues with Resolver

    I have started trying to use DNS over TLS with Quad9 as my DNS provider. There is an issue that I am seeing where certain sites do not resolve correctly versus when using pfSense as my DNS resolver (local unbound resolver). Below is my setup under General.

    Then we have my DNS settings


    My LAN rules are as follows (leaving the port 53 rules up and active as I am testing, so I can switch between local and Quad9 DNS).

    And below is what comes out for this specific site


    This is what shows up in the logs for DNS when I reload the page

    Any help or insight as to why the page correctly loads the images when using local DNS with unbound vs. Quad9 (this also happens when using Cloudflare and Google DNS)? Thank you in advance.

    EDIT: added the logs for when local pfSense DNS is used on the same site, and the images load correctly on the site.

  • I don't know if this is going to be only a temporary or a permanent fix, but for the specific site, putting Cloudflare DNS first helped it. It seemed that Quad9 had an issue trying to resolve the site.

  • I've been trying to get DoT working today, and it gives invalid signatures when checked using https://dnssec.vs.uni-due.de
    Only by itself, or with servers from Cloudflare, does it get a "thumbs up."

    This may not be your issue, but "your mileage may vary."

