Todo #12273

closed

Feedback on pfSense Configuration Recipes — Configuring DNS over TLS

Added by Cy BiS over 2 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: DNS
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html

Feedback:

The DoT configuration recipe should recommend setting the DNS resolution behavior to Use local DNS (127.0.0.1), ignore remote DNS Servers and/or make this setting the pfSense default:

Otherwise DNS requests from the firewall itself will still be sent to the configured DoT servers on port 53. This fact should at least be mentioned on the recipe page. The details can be found on the Netgate forums: https://forum.netgate.com/topic/165857/dns-over-tls-dot-config-still-shows-traffic-with-destination-port-53.


Files

1629065854121-resolve.png (23.7 KB) Cy BiS, 08/17/2021 01:30 PM
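
One way to verify the behavior described in this ticket is to capture traffic on the WAN interface and separate firewall-originated plaintext DNS (port 53) from DoT (port 853) toward the configured upstream servers. The following is an added example, not part of the ticket or the pfSense docs; the addresses, the capture lines and the `classify` helper are constructed for illustration, and the input is assumed to be `tcpdump -n` text output.

```python
import re

# tcpdump -n text line: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

# Constructed values (documentation address ranges), not taken from the ticket.
FIREWALL_IPS = {"198.51.100.2"}              # firewall WAN address
DOT_SERVERS = {"192.0.2.53", "192.0.2.54"}   # upstream servers configured for DoT

# Constructed capture: one plaintext query, its reply, and one DoT segment.
SAMPLE = """\
13:30:01.000001 IP 198.51.100.2.51234 > 192.0.2.53.53: 4660+ A? pkg.example.org. (33)
13:30:01.020001 IP 192.0.2.53.53 > 198.51.100.2.51234: 4660 1/0/0 A 203.0.113.7 (49)
13:30:02.000100 IP 198.51.100.2.40112 > 192.0.2.54.853: Flags [P.], seq 1:120, ack 1, win 513, length 119
13:30:03.000200 IP 198.51.100.2.123 > 203.0.113.9.123: NTPv4, Client, length 48
"""

def classify(lines, firewall_ips, dot_servers):
    """Split traffic from the firewall to the DoT upstreams into
    plaintext DNS (dst port 53) and encrypted DoT (dst port 853)."""
    leaks, encrypted = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an IPv4 line in the expected format
        if m["src"] not in firewall_ips or m["dst"] not in dot_servers:
            continue  # replies and unrelated traffic are ignored
        port = int(m["dport"])
        if port == 53:
            leaks.append((m["src"], m["dst"], line.strip()))
        elif port == 853:
            encrypted.append((m["src"], m["dst"]))
    return leaks, encrypted

if __name__ == "__main__":
    leaks, encrypted = classify(SAMPLE.splitlines(), FIREWALL_IPS, DOT_SERVERS)
    print(f"DoT segments: {len(encrypted)}, plaintext queries: {len(leaks)}")
    for src, dst, raw in leaks:
        print(f"plaintext DNS {src} -> {dst}:53 | {raw}")
```

On a WAN capture, NATed client queries carry the firewall's address as well, so a port 53 hit means either the firewall itself or a client bypassing the resolver.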
#1

Updated by Jim Pingle over 2 years ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
#3

Updated by Cy BiS over 2 years ago

Jim Pingle wrote in #note-2:

Done.

https://gitlab.netgate.com/docs/pfSense-docs/-/commit/489cafdc46a02979926e0d36409a6cd01bebe957

Thanks for updating the docs!

There's a small error though: "This prevents DNS requests from the firewall being leaked unencrypted on port 63 if the resolver is temporarily unavailable." --> should be changed to port 53.

#4

Updated by Jim Pingle over 2 years ago

Thanks for catching that! I've pushed a fix. If it's not up yet, it will be momentarily when the build finishes.

https://gitlab.netgate.com/docs/pfSense-docs/-/commit/0d8533bb72272dd138d2513d8cce4d2f575facc2
