How to configure encrypted DNS on pfSense® with Lumiun DNS
This configuration will make pfSense® forward DNS requests using the secure DoT protocol (DNS-over-TLS). The configuration is done in the pfSense® default DNS Resolver service, which is Unbound.
All devices on the local network that use this pfSense® (and its DNS Resolver) as their DNS server will observe the rules defined in the Policy assigned to the Location used in the configuration.
Setting pfSense® to use encrypted DNS with Lumiun DNS
- Access the menu Services → DNS Resolver.
- At the bottom of the page, click the Display Custom Options button to open the custom options box.
- Enter the following in the Custom options box, *replacing abcd1234 with the desired Location ID (the ID is shown on the Locations page)*:
```
server:
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 76.223.1.120#abcd1234.dot.ldns.io
  forward-addr: 13.248.132.249#abcd1234.dot.ldns.io
```
- Save the configuration by clicking on the Save button.
- Confirm by clicking on Apply Changes.
- Done! Now you can view the reports in your Lumiun DNS dashboard and also define the rules of the Policy.
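A small offline check for the Custom options text before it is saved, added here as an example and not part of Lumiun's or pfSense®'s own documentation. It assumes Unbound's documented `ip[@port]#name` form for `forward-addr`, where the part after `#` is the name the upstream TLS certificate is checked against; the function name `lint_custom_options` and the Location ID `x9y8z7w6` are made up for the illustration.

```python
PLACEHOLDER_ID = "abcd1234"  # sample Location ID shown in the article

def lint_custom_options(text):
    """Return a list of problems in the "." forward-zone of an Unbound options block."""
    zones, zone = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if key == "forward-zone":
            zone = {"name": None, "tls": False, "addrs": []}
            zones.append(zone)
        elif not value:                      # another clause header, e.g. "server:"
            zone = None
        elif zone is not None and key == "name":
            zone["name"] = value
        elif zone is not None and key == "forward-tls-upstream":
            zone["tls"] = value.lower() == "yes"
        elif zone is not None and key == "forward-addr":
            zone["addrs"].append(value)
    root = next((z for z in zones if z["name"] == "."), None)
    if root is None:
        return ['no forward-zone with name "." found']
    problems = []
    if not root["tls"]:
        problems.append("forward-tls-upstream is not yes: queries are not sent over TLS")
    if not root["addrs"]:
        problems.append("forward-zone has no forward-addr")
    for addr in root["addrs"]:
        host, _, auth_name = addr.partition("#")   # ip[@port]#tls-auth-name
        port = host.partition("@")[2]
        if not auth_name:
            problems.append(f"{addr}: no #name, upstream certificate name is not checked")
        elif auth_name.split(".")[0] == PLACEHOLDER_ID:
            problems.append(f"{addr}: sample Location ID was not replaced")
        if port and port != "853":
            problems.append(f"{addr}: port {port} is not the standard DoT port 853")
    return problems

# Constructed inputs: "x9y8z7w6" is a made-up Location ID, not a real one.
GOOD = 'server:\nforward-zone:\n  name: "."\n  forward-tls-upstream: yes\n  forward-addr: 76.223.1.120#x9y8z7w6.dot.ldns.io\n  forward-addr: 13.248.132.249#x9y8z7w6.dot.ldns.io\n'
WEAK = 'server:\nforward-zone:\n  name: "."\n  forward-addr: 76.223.1.120\n  forward-addr: 13.248.132.249@53#abcd1234.dot.ldns.io\n'

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, lint_custom_options(cfg) or "ok")
```

An empty result means the root zone forwards over TLS and every upstream carries a certificate name with the sample ID replaced.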
Updated on: 31/07/2024