Help a newbie - Please?
-
You don't need a cert just to use DNS over TLS. Just enable that in Unbound (the DNS resolver) and set it in forwarding mode. Then set Cloudflare's servers in System > General Setup.
-
I got that working on my Mac which is wired and has wifi to the internet, it's also working on my MacBook which is wifi only, thank you.
I tested it with this:
https://developers.cloudflare.com/1.1.1.1/check/#:~:text=Enter%20https%3A%2F%2F1.1.1.1,center%20you%20are%20connected%20to.
But it isn't working on my iPhone or my iPad, which are both on the same wifi as the MacBook, they are attached to a router in AP mode which in turn is plugged into the Netgate 2100.
It's no big deal as Cloudflare have a nice little app, which does DNS over TLS on the iPhone and iPad and the above link confirms it.
-
Those devices may not be using pfSense for DNS directly. In which case you would need to redirect or block other DNS if you needed that.
https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html
-
@estwing said in Help a newbie - Please?:
TLS over DNS to Cloudflare
Like: Cloudflare Docs: DNS over TLS
So : step one :
Step two : Services > DNS Resolver > General Settings
Make sure these are checked - or unchecked:
If ok, validate - and done.
-
Appreciate the comments, at the moment I can't get this working, my best guess is I don't know what Python is and I don't have any Python module scripts.
My goal with this was some extra security for everything in and out of my house, without the problems of using a VPN like Proton or Surfshark or other such stuff, which all seems pretty hopeless!
-
You don't need to enable python mode unless you're using pfBlocker.
-
That's interesting, I am using pfBlocker!
-
OK, it's generally better to use python mode in that case especially if you have a large number of lists. It's a lot faster. Either should work though.
-
I do appreciate your help with this, I'm in way over my depth now, I can't do Python!
Only a few weeks ago I didn't have any idea what port forwarding was, never mind NAT. If I try and run before I can walk, a bad habit of mine, it won't end well. Hopefully I'm already a lot more secure than your average home user.
Sometimes the only way to learn something is to get your hands dirty, so I bought a Netgate 2100, I'll keep at it, I will get my head around this, eventually!
-
You don't need to know anything about Python. That just sets the module Unbound is using to import the lists from pfBlocker.
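
Added example, not part of the thread and not pfSense or Netgate code: a small Python audit of Unbound configuration text that checks what the first reply describes, namely that forwarding mode is on and that each forwarder is reached over authenticated TLS. The two sample configs are constructed, and the function names parse_forward_zones and audit_forwarding are made up for this illustration.

```python
import re

# Constructed sample configs in Unbound's forward-zone syntax (not from the thread).
PLAINTEXT_FORWARD = """forward-zone:
    name: "."
    forward-addr: 1.1.1.1
"""
DOT_FORWARD = """forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
"""

def parse_forward_zones(conf_text):
    """Collect each forward-zone clause as a dict of its name, TLS flag and addresses."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        # '#' opens a comment only at line start or after whitespace, so the
        # '#authname' suffix of a forward-addr value is left intact.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if key == "forward-zone":
            current = {"name": "?", "forward-tls-upstream": "no", "addrs": []}
            zones.append(current)
        elif key and not value:
            current = None  # another clause such as server:
        elif current is not None and key in ("name", "forward-tls-upstream"):
            current[key] = value
        elif current is not None and key == "forward-addr":
            current["addrs"].append(value)
    return zones

def audit_forwarding(conf_text):
    """Return findings; an empty list means every forwarder uses authenticated DoT."""
    zones = parse_forward_zones(conf_text)
    findings = [] if zones else ["no forward-zone: resolver is not in forwarding mode"]
    for zone in zones:
        if zone["forward-tls-upstream"] != "yes":
            findings.append(f"zone {zone['name']}: forward-tls-upstream is not yes")
        for addr in zone["addrs"]:
            host, _, authname = addr.partition("#")
            if not host.endswith("@853"):
                findings.append(f"{addr}: no explicit port 853")
            if not authname:
                findings.append(f"{addr}: no #authname, any certificate name is accepted")
    return findings
```

This only inspects the resolver's own upstream settings; a client that sends its queries somewhere other than the firewall is outside what it can see.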