How to configure pfSense® to use Lumiun DNS via DoT
This configuration will make pfSense® forward DNS requests to Lumiun DNS using the secure DoT (DNS-over-TLS) protocol. The configuration is done in the default pfSense® DNS Resolver service, which is Unbound.
All devices on the local network that use this pfSense® (and its DNS Resolver) as a DNS server will be subject to the rules defined in the Policy assigned to the Site used in the configuration.
Configure pfSense® to use Lumiun DNS
- Access the Services → DNS Resolver menu.
- In Network Interfaces, keep LAN and Localhost selected.
- Uncheck the DNSSEC option.
- At the bottom of the page, click the Show Custom Options button to open the custom options box.
- Enter the following in the Custom options box, replacing abcd1234 with the desired site ID (see the ID on the Sites page):
    server:
    forward-zone:
        name: "."
        forward-tls-upstream: yes
        forward-addr: 76.223.1.120#abcd1234.dot.ldns.io
        forward-addr: 13.248.132.249#abcd1234.dot.ldns.io
        forward-addr: 2600:9000:a418:ffdb:d5fc:e6dc:e22a#abcd1234.dot.ldns.io
        forward-addr: 2600:9000:a51c:7f39:2f9c:3051:ed89:84f0#abcd1234.dot.ldns.io
- Save the configuration by clicking the Save button and confirm by clicking Apply Changes.
- Done! Now you can view the Reports on your Lumiun DNS panel and also set the rules of the Policy.
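A pasted Custom options block can be checked offline for the mistakes that silently weaken or break DoT forwarding: a `forward-addr` wrapped before its `#` name, a truncated IP address, a missing `forward-tls-upstream: yes`, or the sample site ID left in place. The Python linter below is an added example, not part of the original article or of Lumiun's tooling; the function name `lint_custom_options`, the site ID `site0001` and the wrapped sample line are constructed for illustration.

```python
import ipaddress

PLACEHOLDER_ID = "abcd1234"    # sample site ID shown in the article
AUTH_SUFFIX = ".dot.ldns.io"   # TLS auth-name suffix shown in the article

# Constructed samples: site0001 is a made-up site ID, 2001:db8:: is documentation space.
GOOD = """server:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 76.223.1.120#site0001.dot.ldns.io
forward-addr: 2600:9000:a51c:7f39:2f9c:3051:ed89:84f0#site0001.dot.ldns.io
"""
WRAPPED = GOOD + "forward-addr: 2001:db8:1:2:3:4:5\n#site0001.dot.ldns.io\n"

def lint_custom_options(text):
    """Return a list of problems found in a DNS Resolver custom-options block."""
    problems, tls_upstream, addrs = [], False, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # a line starting with '#' is a comment
            continue
        key, sep, value = line.partition(":")
        value = value.strip().strip('"')
        if not sep:
            problems.append(f"line {n}: not a 'key: value' line")
        elif key == "forward-tls-upstream":
            tls_upstream = value == "yes"
        elif key == "forward-addr":
            addrs += 1
            target, _, auth = value.partition("#")  # IP[@port]#tls-auth-name
            ip = target.partition("@")[0]
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                problems.append(f"line {n}: '{ip}' is not a valid IP address")
            if not auth:
                problems.append(f"line {n}: no #tls-auth-name, certificate name is not checked")
            elif not auth.endswith(AUTH_SUFFIX):
                problems.append(f"line {n}: auth name '{auth}' does not end with {AUTH_SUFFIX}")
            elif auth.startswith(PLACEHOLDER_ID + "."):
                problems.append(f"line {n}: placeholder site ID {PLACEHOLDER_ID} not replaced")
    if not tls_upstream:
        problems.append("forward-tls-upstream: yes is missing from the block")
    if addrs == 0:
        problems.append("no forward-addr entries")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_custom_options(WRAPPED)) or "no problems found")
```
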
Updated on: 31/07/2024