I did an update to core 141 and wanted to switch to DoT, so I changed the DNS protocol from TCP to TLS and updated my DNS firewall rules from TCP 53 to TCP 853. However, that doesn’t work.
What am I missing? Thx, Terry
Hi Terry,
can you give us some more information please?
Hm, which one? I thought switching DNS to DoT is done by only changing the DNS protocol. So I changed it from TCP to TLS. Also, by default all communication is blocked for IPFire and the other networks. So I have firewall rules to allow TCP DNS communication, and since DoT is still TCP I only changed the port from 53 to 853, but it doesn’t work. I get tons of firewall log entries for UDP port 53 (that is not DoT).
Ah yeah, and I tested DoT with the rule “firewall outgoing: allowed” and it works (“Working (Recursor-Modus)”), but in recursor mode (why is that?). So the main problem is related to iptables (not again!).
Maybe the problem is “all is blocked”? In my case outgoing is allowed.
Ah, I see you tested it also, then I have no idea, sorry. Maybe a developer can say more.
I also just added a UDP port 53 rule in addition to the TCP port 853 rule, but no change: still broken.
Unbound switches to recursor mode if no forward server is configured.
If you switch on “TLS”, all servers without a hostname will be skipped because the hostname is needed for TLS validation.
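To make the two rules in that answer concrete (servers without a hostname are dropped once TLS is on, and with no usable forwarder left Unbound resolves recursively itself), here is a small added example of how such a forward-zone could be generated. It is illustrative code written for this thread, not IPFire’s own code; it assumes the described behaviour and uses Unbound’s documented `forward-addr: ip@port#authname` and `forward-tls-upstream` syntax. Server addresses and hostnames are constructed sample values. Returning to recursor mode is also consistent with the UDP port 53 hits Terry saw while no forwarder was usable, since a recursor talks to the root and authoritative servers on port 53 rather than to a forwarder on 853.

```python
"""Hypothetical forward-zone builder mirroring the behaviour described in the thread.

With protocol "tls", upstreams lacking a hostname are skipped (the hostname is
the name the server certificate is validated against); if nothing usable is
left, the resolver falls back to recursor mode. Not IPFire or Unbound code.
"""

from dataclasses import dataclass
from typing import List, Tuple

DOT_PORT = 853  # DNS over TLS runs over TCP 853 (RFC 7858)
DNS_PORT = 53   # plain DNS


@dataclass
class Upstream:
    ip: str
    hostname: str = ""  # TLS authentication name; may be empty for plain DNS


def required_outbound_rules(protocol: str) -> List[Tuple[str, int]]:
    """Firewall rules a forwarder-only setup needs towards the upstreams.

    Plain DNS uses UDP 53 with TCP 53 fallback; DoT is TCP 853 only.
    """
    if protocol.lower() == "tls":
        return [("tcp", DOT_PORT)]
    return [("udp", DNS_PORT), ("tcp", DNS_PORT)]


def build_forward_zone(servers: List[Upstream], protocol: str) -> Tuple[str, List[Upstream], str]:
    """Return (unbound forward-zone text, skipped upstreams, mode).

    mode is "forwarder" when at least one upstream survived filtering,
    otherwise "recursor" (empty config: Unbound resolves from the roots).
    """
    tls = protocol.lower() == "tls"
    port = DOT_PORT if tls else DNS_PORT
    usable: List[Upstream] = []
    skipped: List[Upstream] = []
    for s in servers:
        if tls and not s.hostname:
            skipped.append(s)  # no name to validate the certificate against
        else:
            usable.append(s)
    if not usable:
        return "", skipped, "recursor"

    lines = ["forward-zone:", '    name: "."']
    if tls:
        lines.append("    forward-tls-upstream: yes")  # wrap upstream queries in TLS
    for s in usable:
        addr = f"{s.ip}@{port}"
        if tls:
            addr += f"#{s.hostname}"  # ip@port#authname: name used for cert validation
        lines.append(f"    forward-addr: {addr}")
    return "\n".join(lines) + "\n", skipped, "forwarder"


if __name__ == "__main__":
    # Constructed sample upstreams (documentation-range address and example hostname).
    sample = [Upstream("192.0.2.53", "dns.example.net"), Upstream("192.0.2.54")]
    cfg, dropped, mode = build_forward_zone(sample, "tls")
    print(cfg)
    print("skipped:", [d.ip for d in dropped], "mode:", mode)
    print("outbound rules:", required_outbound_rules("tls"))
```

Running it shows the second upstream being dropped for lack of a hostname, which is exactly why the DoT switch only started working once hostnames were entered for the servers; with both entries hostname-less the zone would be empty and the mode would read `recursor`.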
How do I do that? I was looking for a wiki but couldn’t find it.
Edit: I just defined the DNS hostnames and it’s working. Thx. So I don’t know what you mean by this, but it looks like I don’t need to do anything else.
Ah OK, the DNS server list/overview doesn’t show a column with TLS hostnames, so I didn’t expect that. Done.