DNS resolver for use in China
-
I'm setting up pfSense for home use in China and would like to utilize the DNS resolver's functionality to gain full access to domains restricted by China's GFW. But I realized that the GFW blocks any DNS requests to a server other than the Chinese DNS server. Is there a workaround besides using a site-to-site VPN?
-
@1amt0ny you could try to use DoT (DNS over TLS) or DoH (DNS over HTTPS). I would guess they most likely would block DoT, unless you can find one that runs on something other than the default port of 853.
DoH would be harder to block, but for a government it shouldn't be too difficult either. Your best bet is probably some VPN to some VPS somewhere and route your DNS through that.
-
@johnpoz for DNS over HTTPS, isn't it just forwarding the query to an external DNS server via HTTPS? But how would the query even be able to reach the external server, say 1.1.1.1, if the GFW already blocks it?
-
@1amt0ny yes, DoH is forwarding over HTTPS. While they might block DNS TCP/UDP over 53, it's "possible" they don't block normal 443 traffic.
-
@johnpoz so based on that I could just set the upstream to 1.1.1.1 in pfSense and forward the DNS queries to it over HTTPS? But is there a way to forward DNS over HTTPS in pfSense? I don't see that option in the Unbound resolver.
-
@1amt0ny no, pfSense only supports DoT, not DoH. You would have to set up something else to do forwarding via DoH, or just have your browser do it.
-
@johnpoz got it, thanks!
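The point johnpoz makes above, that DoH is just the DNS query carried inside an ordinary HTTPS exchange on 443 instead of on 53, as an added example that is not part of the thread and not pfSense or Unbound code: it builds the RFC 8484 wire-format query, shows the GET and POST encodings, and decodes a constructed reply. The endpoint https://1.1.1.1/dns-query and the sample reply are assumptions; resolve_over_https needs network access, everything else runs offline.

```python
import base64
import struct
import urllib.request

# Constructed sample reply (not captured traffic): example.com -> 93.184.216.34, TTL 300
SAMPLE_RESPONSE = (b"\x00\x00\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                   b"\x07example\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\x5d\xb8\xd8\x22")

def build_query(name: str) -> bytes:
    """Wire-format DNS query for an A record; id 0 as RFC 8484 recommends for cacheability."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD set; one question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def doh_get_url(endpoint: str, query: bytes) -> str:
    """GET form: the raw query, base64url-encoded without padding, in the dns= parameter."""
    return endpoint + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def _skip_name(msg: bytes, pos: int) -> int:
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return pos + 2
        pos += length + 1

def parse_a_records(msg: bytes) -> list:
    """Return the IPv4 addresses found in the answer section of a wire-format response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # name, then QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[pos:pos + 4]))
        pos += rdlen
    return addrs

def resolve_over_https(name: str, endpoint: str = "https://1.1.1.1/dns-query") -> list:
    """POST form: the query travels as an ordinary HTTPS request on 443 (needs network)."""
    req = urllib.request.Request(endpoint, data=build_query(name), method="POST",
        headers={"Content-Type": "application/dns-message", "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_a_records(resp.read())
```

Because the request and reply look like any other HTTPS traffic to a web host, a filter that only watches port 53 never sees the DNS inside it, which is why a separate DoH client (or the browser) is needed when the resolver itself only speaks DoT.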