pfsense:stopping_dns_leaks
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| pfsense:stopping_dns_leaks [2020/04/14 14:37] – created peter | pfsense:stopping_dns_leaks [2020/11/30 12:07] (current) – removed peter | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== PFSense - Stopping DNS Leaks ====== | ||
| - | Navigate to **Services -> DNS Resolver** | ||
| - | |||
| - | * DNS Query Forwarding: | ||
| - | * Custom Options: | ||
| - | server: | ||
| - | ssl-upstream: | ||
| - | do-tcp: yes | ||
| - | forward-zone: | ||
| - | name: " | ||
| - | forward-addr: | ||
| - | forward-addr: | ||
| - | forward-addr: | ||
| - | forward-addr: | ||
| - | </ | ||
| - | |||
| - | |||
| - | It’s OK to set the resolver to listen on all interfaces, since the firewall rules on the WAN will prevent Internet hosts from using your resolver anyway. | ||
| - | |||
| - | Follow the prompts, then test it with something like; | ||
| - | |||
| - | <code bash> | ||
| - | dig www.google.com @yourrouter.local | ||
| - | </ | ||
| - | |||
| - | You should see a resolve against your router’s local DNS resolver that works. | ||
| - | |||
| - | If you really want, use **Diagnostics -> Packet Capture**, and capture port 853 to verify that requests are being triggered. | ||
pfsense/stopping_dns_leaks.1586875077.txt.gz · Last modified: 2020/07/15 09:30 (external edit)