MadaMada

@madamada@snac.void.my

SysAdmin with a simple life. Interested in FOSS, FreeBSD, Linux, IPv6, cloud stuff and whatever things that come along the way I find interesting.

JabberID: madamada@xpath.my
Matrix: @madamada:matrix.org
Email: mada@void.my
Web: https://buster.xpath.my
Gemini: gemini://warlock.xpath.my
TheFediPeople: https://fediverse.info/explore/people
Yggdrasil: https://yggdrasil-network.github.io/

MadaMada »
@madamada@snac.void.my

Forward DNS requests to upstream over TLS with BIND9

Add the following to named.conf or named.conf.options

// BIND9 configuration
//
// TLS upstream servers. The quoted name after "tls" in the forwarders list
// must match one of these blocks. remote-hostname is sent as SNI and, together
// with a ca-file, is what the upstream certificate is verified against.
tls cloudflare-tls {
    remote-hostname "one.one.one.one";
    protocols { TLSv1.3; };
};

tls opendns-tls {
    remote-hostname "dns.opendns.com";
    protocols { TLSv1.3; };
};

tls dns-sb-tls {
    remote-hostname "dns.sb";
    protocols { TLSv1.2; TLSv1.3; };
};

options {
    ...
    // 853 is the DNS-over-TLS port; every forwarder below uses it
    forwarders port 853 {
        2620:119:35::35 tls "opendns-tls";
        2620:119:53::53 tls "opendns-tls";
        208.67.220.220 tls "opendns-tls";
        208.67.222.222 tls "opendns-tls";
        2606:4700:4700::1001 tls "cloudflare-tls";
        2606:4700:4700::1111 tls "cloudflare-tls";
        1.1.1.1 tls "cloudflare-tls";
        1.0.0.1 tls "cloudflare-tls";
        2a09:: tls "dns-sb-tls";
        2a11:: tls "dns-sb-tls";
        185.222.222.222 tls "dns-sb-tls";
    };
    // "forward first": if no forwarder answers, named falls back to its own
    // (plain DNS) recursion; "forward only" disables that fallback
    forward first;
};

Save the configuration and reload named: rndc reconfig. Now all requests to the upstream DNS servers will use TLS 🙂
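As an added check (not from the post; named-checkconf remains the authoritative parser), a small Python linter for the forwarders block that catches the three slips most likely to break or weaken this setup: a quoting mistake such as `tls "opendns-tls;"`, a forwarder with no tls clause at all, and a tls name with no matching tls block. The sample config below is constructed for the example.

```python
import re

# Constructed sample (not the post's full config): two of its tls blocks and a
# forwarders list that repeats the quoting slip on the 208.67.220.220 line,
# plus a cleartext forwarder and a tls name that is never defined.
SAMPLE_CONF = """
tls cloudflare-tls { remote-hostname "one.one.one.one"; protocols { TLSv1.3; }; };
tls opendns-tls { remote-hostname "dns.opendns.com"; protocols { TLSv1.3; }; };
options {
    forwarders port 853 {
        2620:119:35::35 tls "opendns-tls";
        208.67.220.220 tls "opendns-tls;"
        1.1.1.1 tls "cloudflare-tls";
        9.9.9.9;
        2a09:: tls "dns-sb-tls";
    };
    forward first;
};
"""

TLS_BLOCK = re.compile(r'^\s*tls\s+([\w.-]+)\s*\{', re.M)
FORWARDERS = re.compile(r'forwarders(?:\s+port\s+(\d+))?\s*\{(.*?)\};', re.S)
# address, optional per-server port, optional tls "name", terminating ';'
FORWARDER_LINE = re.compile(
    r'^([0-9a-fA-F:.]+)(?:\s+port\s+(\d+))?(?:\s+tls\s+"?([\w.-]+)"?)?\s*;$')


def lint_forwarders(conf):
    """Return a list of problems found in the forwarders block (empty if clean)."""
    defined = set(TLS_BLOCK.findall(conf))
    m = FORWARDERS.search(conf)
    if not m:
        return ["no forwarders block found"]
    default_port, problems = m.group(1), []
    for line in (ln.strip() for ln in m.group(2).splitlines() if ln.strip()):
        fm = FORWARDER_LINE.match(line)
        if not fm:
            problems.append(f"unparseable line, check quoting and the ';': {line}")
            continue
        addr, port, tls_name = fm.groups()
        eff_port = port or default_port or "53"
        if tls_name is None:
            problems.append(f"{addr}: no tls clause, would be queried in cleartext")
        elif tls_name not in defined:
            problems.append(f"{addr}: tls \"{tls_name}\" has no matching tls block")
        elif eff_port != "853":
            problems.append(f"{addr}: tls forwarder on port {eff_port}, expected 853")
    return problems
```

Running `lint_forwarders(SAMPLE_CONF)` reports the mis-quoted 208.67.220.220 line, the cleartext 9.9.9.9 entry and the undefined dns-sb-tls name; the post's corrected config passes clean.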
