Todo #12273 (closed)
Feedback on pfSense Configuration Recipes — Configuring DNS over TLS
Description
Page: https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
Feedback:
The DoT configuration recipe should recommend setting the DNS resolution behavior to "Use local DNS (127.0.0.1), ignore remote DNS Servers"
and/or make this setting the pfSense default:
Otherwise DNS requests from the firewall itself will still be sent to the configured DoT servers on port 53. This fact should at least be mentioned on the recipe page. The details can be found on the Netgate forums: https://forum.netgate.com/topic/165857/dns-over-tls-dot-config-still-shows-traffic-with-destination-port-53.
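As an added example (not part of this issue or of the pfSense docs), a check for the symptom described above: parse the firewall's /etc/resolv.conf and report every nameserver that is not a loopback address, since those are the addresses the firewall's own lookups would reach as plain DNS on port 53 instead of going through the local resolver. The file contents below are constructed samples, with documentation-range addresses standing in for the DoT servers.

```python
import ipaddress

# Constructed sample: resolv.conf on the firewall before the
# "Use local DNS (127.0.0.1), ignore remote DNS Servers" setting is applied.
# 192.0.2.53 and 2001:db8::53 are placeholders, not real DoT servers.
RESOLV_CONF_BEFORE = """\
# Generated by resolvconf
domain example.lan
nameserver 127.0.0.1
nameserver 192.0.2.53
nameserver 2001:db8::53
search example.lan
"""

# Constructed sample: after the setting, only the local resolver is listed.
RESOLV_CONF_AFTER = """\
domain example.lan
nameserver 127.0.0.1
nameserver ::1
"""


def leaky_nameservers(resolv_conf):
    """Return nameserver entries that are not loopback addresses.

    Each such entry is an upstream the firewall's own lookups can reach
    directly on port 53, bypassing the local resolver and its DoT forwarding.
    """
    leaks = []
    for raw in resolv_conf.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        # FreeBSD may carry a scope id on link-local IPv6 entries, e.g. fe80::1%em0
        addr_text = parts[1].split("%", 1)[0]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            leaks.append(parts[1])  # unparsable entry: flag it rather than ignore it
            continue
        if not addr.is_loopback:
            leaks.append(parts[1])
    return leaks


def firewall_dns_stays_local(resolv_conf):
    """True when every nameserver is loopback, i.e. all lookups use the local resolver."""
    return not leaky_nameservers(resolv_conf)
```

On a live system the same check is `leaky_nameservers(open("/etc/resolv.conf").read())`; an empty result is the state the recipe setting is meant to produce.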
Updated by Jim Pingle over 2 years ago
- Status changed from New to In Progress
- Assignee set to Jim Pingle
Updated by Jim Pingle over 2 years ago
- Status changed from In Progress to Resolved
Updated by Cy BiS over 2 years ago
Jim Pingle wrote in #note-2:
Done.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/489cafdc46a02979926e0d36409a6cd01bebe957
Thanks for updating the docs!
There's a small error though: "This prevents DNS requests from the firewall being leaked unencrypted on port 63 if the resolver is temporarily unavailable." --> should be changed to port 53.
Updated by Jim Pingle over 2 years ago
Thanks for catching that! I've pushed a fix. If it's not up yet, it will be momentarily when the build finishes.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/0d8533bb72272dd138d2513d8cce4d2f575facc2