Configuring pfSense® to use Lumiun DNS via the DoT protocol
This configuration will cause pfSense® to forward DNS requests to Lumiun DNS using the secure DoT (DNS-over-TLS) protocol. The configuration is done in pfSense®'s default DNS Resolver service, which is Unbound.
All devices on the local network that use this pfSense® (and its DNS Resolver) as their DNS server will then be subject to the rules defined in the Policy assigned to the site selected in the configuration.
Step-by-step
- Go to the Services → DNS Resolver menu.
- Under Network Interfaces, hold down the Ctrl key and select LAN and Localhost.
- Uncheck the DNSSEC option.
- At the bottom of the page, click the Show Custom Options button to open the custom options box.
- Enter the following in the Custom Options box, replacing abcd1234 with the ID of the desired site (see the sites page for the ID). Also replace dns_server_1, dns_server_2, dns6_server_1 and dns6_server_2 with the respective DNS servers for your site, listed on the same sites page.

  server:
  forward-zone:
      name: "."
      forward-tls-upstream: yes
      forward-addr: dns_server_1#abcd1234.dot.ldns.io
      forward-addr: dns_server_2#abcd1234.dot.ldns.io
      forward-addr: dns6_server_1#abcd1234.dot.ldns.io
      forward-addr: dns6_server_2#abcd1234.dot.ldns.io

- Save the configuration by clicking the Save button and confirm by clicking Apply Changes.
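As an added check (this is not Lumiun or pfSense code), the following Python script lints a Custom Options block of the shape above: each forward-addr must be a valid IP, must carry the #authname that Unbound uses to verify the upstream's TLS certificate, and that name must match the site ID. The sample blocks, the site ID abcd1234 and the addresses are constructed; Unbound only authenticates the certificate when the server clause also has a CA bundle (tls-cert-bundle), which this check cannot see.

```python
import ipaddress
import re

# Constructed sample of the Custom Options block from the procedure above, with
# made-up addresses (RFC 5737 / 3849 documentation ranges, not Lumiun's servers).
GOOD_BLOCK = """server:
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.10#abcd1234.dot.ldns.io
    forward-addr: 2001:db8::10#abcd1234.dot.ldns.io
"""

# Constructed faulty variant: one upstream lacks the #authname, so Unbound has no
# name to verify the certificate against; the other carries a typo in the site ID.
BAD_BLOCK = """server:
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.10
    forward-addr: 192.0.2.11#abcd1243.dot.ldns.io
"""

# Unbound forward-addr syntax: IP[@port][#authname]
ADDR_RE = re.compile(r"^forward-addr:\s*([^@#\s]+)(?:@(\d+))?(?:#(\S+))?$")


def lint_forward_zone(text, site_id, suffix="dot.ldns.io"):
    """Return a list of problems found in a pfSense Custom Options block."""
    problems, expected, tls = [], f"{site_id}.{suffix}", False
    for raw in text.splitlines():
        line = raw.strip()
        tls = tls or line == "forward-tls-upstream: yes"
        m = ADDR_RE.match(line)
        if not m:
            continue
        ip, port, auth = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{ip}: not a valid IP address")
        if port is not None and port != "853":
            problems.append(f"{ip}: port {port} is not the DoT port 853")
        if auth is None:
            problems.append(f"{ip}: no #authname, so the TLS peer is not authenticated")
        elif auth != expected:
            problems.append(f"{ip}: authname {auth} does not match {expected}")
    if not tls:
        problems.append("forward-tls-upstream: yes is missing")
    return problems
```

Paste your real Custom Options text into the script's constant and call lint_forward_zone(text, "<your site ID>") before clicking Save.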