
How to configure pfSense® to use Lumiun DNS via DoT

This configuration will make pfSense® forward DNS requests to Lumiun DNS using the secure DoT (DNS-over-TLS) protocol. The configuration is done in the default pfSense® DNS Resolver service, which is Unbound.

All devices on the local network that use this pfSense® (and its DNS Resolver) as a DNS server will observe the rules defined in the Policy assigned to the Site used in the configuration.

Configure pfSense® to use Lumiun DNS



Access the Services → DNS Resolver menu.
In Network Interfaces, keep LAN and Localhost selected.
Uncheck the DNSSEC option.
At the bottom of the page, click the Show Custom Options button to open the custom options box.
Enter the following in the Custom options box, replacing abcd1234 with the desired site ID (see the ID on the Sites page):
server:
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 76.223.1.120#abcd1234.dot.ldns.io
  forward-addr: 13.248.132.249#abcd1234.dot.ldns.io
  forward-addr: 2600:9000:a418:ffdb:d5fc:e6dc:e22a#abcd1234.dot.ldns.io
  forward-addr: 2600:9000:a51c:7f39:2f9c:3051:ed89:84f0#abcd1234.dot.ldns.io


Save the configuration by clicking the Save button and confirm by clicking Apply Changes.
Done! Now you can view the Reports on your Lumiun DNS panel and also set the rules of the Policy.
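
A check to run on the Custom options text before saving it, as an added example (not Lumiun or pfSense® code). In Unbound, the name after # on a forward-addr line is the name the upstream's TLS certificate is verified against, so an entry that lost it to a line wrap still forwards but without that check. The function name lint_forward_zone, the second site ID wxyz9876 and the documentation-range IPv6 address are constructed for illustration, and the check assumes every auth name starts with the site ID, as in the block above.

```python
import ipaddress

def lint_forward_zone(text, site_id):
    """Return (line_no, message) problems found in an Unbound forward-zone block."""
    problems, tls_on, addrs = [], False, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            # unbound.conf treats a line starting with '#' as a comment, so a
            # wrapped "#<auth name>" fragment is silently ignored.
            problems.append((no, "comment line: wrapped forward-addr?"))
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "forward-tls-upstream":
            tls_on = value == "yes"
        elif key == "forward-addr":
            addrs += 1
            target, _, auth_name = value.partition("#")
            ip_text = target.partition("@")[0].strip()  # drop optional @port
            try:
                ipaddress.ip_address(ip_text)
            except ValueError:
                problems.append((no, f"invalid IP address {ip_text!r}"))
            if not auth_name:
                problems.append((no, "no #auth-name: certificate name not checked"))
            elif not auth_name.startswith(site_id + "."):
                problems.append((no, f"auth name is not for site {site_id!r}"))
    if addrs and not tls_on:
        problems.append((0, "forward-tls-upstream is not 'yes'"))
    return problems

# Constructed sample: one entry wrapped across two lines (placeholder IPv6
# from the documentation range) and one entry carrying a different site ID.
SAMPLE = """\
server:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 76.223.1.120#abcd1234.dot.ldns.io
forward-addr: 2001:db8::53
#abcd1234.dot.ldns.io
forward-addr: 13.248.132.249#wxyz9876.dot.ldns.io
"""

if __name__ == "__main__":
    for line_no, message in lint_forward_zone(SAMPLE, "abcd1234"):
        print(f"line {line_no}: {message}")
```

An empty result means every forward-addr entry has a valid address and an auth name for the expected site, and TLS forwarding is enabled.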

Updated on: 31/07/2024
