DNS Resolver & Outgoing interface
-
Hello.
If short: what should I choose in Outgoing Interface to have a secure network?
If long: I am using DNS Resolver with NextDNS (paid option) and OpenVPN.
On my hardware firewall I have 4 OPT ports and I am using each port with a different VPN server (IP address).
The setting in Services > DNS Resolver > General Settings under Outgoing Network Interface got me stuck... Should I choose only VPN1, or should I choose all VPN interfaces that I have?
The only difference I see: if I set up Outgoing Interface only for VPN1, the OPT ports are silent in my NextDNS logs. But when I choose VPN1, VPN2, VPN3 as Outgoing Interface in DNS Resolver, these interfaces are trying (or making) calls somewhere even if there is no wire in the port. So I just worry about doing everything correctly with my DNS, and this setup got me stuck.
Thank you very much in advance.
-
@Log1cal-Big7935 said in DNS Resolver & Outgoing interface:
if short - what should I choose in outgoing interface to have secure network
If you, as a person, can't answer that question, you still can have the safest solution right now.
It's easy, and you'll understand why.
Visit, for example, https://www.netgate.com/ and start reading. Take your time. Then, come back here, and you'll understand the next phrase, and you'll know it's true.
Ready?
Netgate delivers the latest pfSense version with the best settings possible out of the box!
Actually quite logical, you agree? There is no "When you installed pfSense, you are at risk. Do this "....." and this "....." to make it better."
If that situation existed, it would have been the default settings ....

@Log1cal-Big7935 said in DNS Resolver & Outgoing interface:
if long - I am using DNS Resolver with NextDNS (paid option) and OpenVPN.
On my hardware firewall I have 4 OPT ports and I am using each port with different VPN server (IP address).
Settings in Services>DNS resolver>General settings under Outgoing Network Interface stuck me... Should I choose only VPN1, or should I choose all VPN interfaces that I have?
Ah, ok ... I see.
You could use (select) any of your "VPN" client interfaces, and unbound will use them, probably using a round robin method, and forward your DNS requests to the DNS server you have set up: NextDNS.
Or select just one VPN client interface, as it really doesn't matter.

And I admit right away: it has been ages since I used a "VPN ISP", so this is what I would do to check things:
First: if unbound starts up earlier than the VPN clients, it will use whatever interfaces are selected and available (activated).
If later on the VPN interfaces come up: does unbound (get) restarted to take into account the newly activated 'WAN' interface (your VPN client interface) and use them instead of the default WAN?

And also: does NextDNS offer "DNS over TLS"? Because, if so, you don't care what outgoing interface unbound uses, as the DNS traffic is already encrypted anyway. (No need to tunnel into the tunnel ^^)
I think they do: Google "nextdns dns over tls" and you'll get the picture.

edit: never forget the golden rule: keep things simple.
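The two things the reply suggests checking (which addresses unbound is actually told to send queries from, and whether the forward to NextDNS is DNS over TLS, in which case the outgoing interface matters much less) can both be read out of the generated unbound configuration. The script below is an added example written for this thread; it is not code from the forum posts, from pfSense or from NextDNS. It assumes pfSense writes the resolver config to /var/unbound/unbound.conf (an assumption about the path), and when that file is not present it falls back to a constructed sample config with placeholder addresses and a placeholder DoT host name, not real NextDNS values.

```shell
#!/bin/sh
# Added example, not from the thread or from pfSense.
# Reads an unbound.conf and reports (a) which outgoing-interface addresses are
# configured and (b) whether the forward-zone to the upstream resolver uses
# DNS over TLS (forward-tls-upstream: yes).
# Assumption: pfSense writes its generated file to /var/unbound/unbound.conf.
CONF="${1:-/var/unbound/unbound.conf}"

# Constructed sample standing in for the pfSense-generated file: two VPN
# client tunnel addresses as outgoing interfaces and a DoT forward-zone.
# The IP address and host name below are placeholders, not real NextDNS values.
write_sample_conf() {
  cat > "$1" <<'EOF'
server:
    interface: 192.168.1.1
    outgoing-interface: 10.8.0.2
    outgoing-interface: 10.9.0.2
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 203.0.113.10@853#PLACEHOLDER.dns.example
EOF
}

# Print each configured outgoing-interface address on its own line.
outgoing_ifaces() {
  awk '$1 == "outgoing-interface:" { print $2 }' "$1"
}

# Number of outgoing interfaces; 0 means unbound follows the default route (WAN).
count_outgoing() {
  outgoing_ifaces "$1" | wc -l | tr -d ' '
}

# Exit 0 when the config has "forward-tls-upstream: yes", 1 otherwise.
forwards_over_tls() {
  awk '$1 == "forward-tls-upstream:" && $2 == "yes" { found = 1 }
       END { exit found ? 0 : 1 }' "$1"
}

# Human-readable summary of the two checks.
report() {
  n=$(count_outgoing "$1")
  echo "outgoing interfaces ($n):"
  outgoing_ifaces "$1" | sed 's/^/  /'
  if [ "$n" -gt 1 ]; then
    echo "  note: queries are spread over all of them, so every address must be up"
  fi
  if forwards_over_tls "$1"; then
    echo "forwarding: DNS over TLS (queries are encrypted on any outgoing interface)"
  else
    echo "forwarding: plain DNS (pick an outgoing interface that stays inside the tunnel)"
  fi
}

# Stand-alone run: use the real file when readable, otherwise the sample.
if [ -r "$CONF" ]; then
  report "$CONF"
else
  tmp=$(mktemp); write_sample_conf "$tmp"; report "$tmp"; rm -f "$tmp"
fi
```

Run it on the firewall as `sh check_unbound.sh` (or pass another config path as the first argument). If the report shows more than one outgoing interface, every listed address has to be up for queries to succeed, which is the situation the question describes with an unplugged OPT port; if it shows plain DNS, the choice of outgoing interface is what keeps the queries inside the VPN tunnel.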