pfSense - Stopping DNS Leaks
Navigate to Services → DNS Resolver
- DNS Query Forwarding: Not Checked.
- Custom Options:
  server:
    ssl-upstream: yes
    do-tcp: yes
  forward-zone:
    name: "."
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
    forward-addr: 2606:4700:4700::1111@853
    forward-addr: 2606:4700:4700::1001@853
It’s OK to set the resolver to listen on all interfaces, since the firewall rules on the WAN will prevent Internet hosts from using your resolver anyway.
Follow the prompts, then test it with something like:
dig www.google.com @yourrouter.local
You should see the query answered successfully by your router’s local DNS resolver.
If you really want, use Diagnostics → Packet Capture and capture port 853 to verify that lookups are triggering requests to the upstream servers.
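To go with the packet-capture check, here is an added example (not part of the original page) that audits a text capture from the WAN interface against the four forwarders configured above. It goes slightly beyond the page by also flagging plaintext port 53 and DNS-over-TLS to unlisted servers; the function name, WAN addresses and sample lines are constructed, and numeric tcpdump-style output is assumed.

```python
import ipaddress
import re

# Upstream resolvers from the forward-zone on this page.
FORWARDERS = {ipaddress.ip_address(a) for a in (
    "1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001")}

# Numeric tcpdump-style text: "<time> IP|IP6 <src>.<sport> > <dst>.<dport>: ..."
LINE = re.compile(r"\bIP6? (\S+)\.(\d+) > (\S+)\.(\d+):")

def audit_capture(lines, wan_addrs):
    """Classify DNS packets leaving the WAN addresses in a text capture."""
    wan = {ipaddress.ip_address(a) for a in wan_addrs}
    report = {"dot_ok": 0, "plaintext_leak": [], "unexpected_dot": []}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an IP packet summary line
        try:
            src = ipaddress.ip_address(m.group(1))
            dst = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # names instead of addresses: capture was not numeric
        dport = int(m.group(4))
        if src not in wan:
            continue  # replies and traffic not originated by the firewall
        if dport == 853 and dst in FORWARDERS:
            report["dot_ok"] += 1
        elif dport == 853:
            report["unexpected_dot"].append(str(dst))
        elif dport == 53:
            report["plaintext_leak"].append(str(dst))
    return report

# Constructed sample capture; WAN and stray servers use documentation ranges.
SAMPLE = [
    "09:30:01.100001 IP 203.0.113.10.40112 > 1.1.1.1.853: Flags [S], seq 1, win 65535, length 0",
    "09:30:01.120455 IP 1.1.1.1.853 > 203.0.113.10.40112: Flags [S.], seq 9, ack 2, win 65535, length 0",
    "09:30:02.000310 IP6 2001:db8::10.51820 > 2606:4700:4700::1111.853: Flags [P.], length 120",
    "09:30:03.440021 IP 203.0.113.10.5353 > 198.51.100.53.53: 4242+ A? www.google.com. (32)",
    "09:30:04.010000 IP 203.0.113.10.40200 > 198.51.100.7.853: Flags [S], seq 5, win 65535, length 0",
]
WAN = ["203.0.113.10", "2001:db8::10"]

if __name__ == "__main__":
    print(audit_capture(SAMPLE, WAN))
```

Any entry under `plaintext_leak` means a query left the WAN unencrypted, which the port 853 capture alone would not show.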
pfsense/stopping_dns_leaks.1586875077.txt.gz · Last modified: 2020/07/15 09:30 (external edit)