I'm running 2.4.3-RELEASE (amd64). I can't get it working here either after a couple hours of poking at it on and off, it now looks like this is actually a Cloudflare issue:

https://community.cloudflare.com/t/1-1-1-1-was-working-but-not-anymore/15136/4

"Thanks for the report! This is going to be fixed in the next upgrade that’s being rolled out. There was an interop issue in the last upgrade with Unbound as it sends the frame size and the actual DNS message in two separate packets instead of both at once."

So it looks like the immediate solution is to revert to port 53 and wait for Cloudflare. I can also confirm that 9.9.9.9@853 does work here which re-enforces that this is a Cloudflare specific issue.


On 2018-04-04 19:23, James wrote:
Sorry, mine was indeed on 2.4.X. The daemon appeared to start up but any 
queries returned no records.



On Thu, 5 Apr 2018, at 11:20 AM, Steve Yates wrote:
Wild guess, but did you try it in 2.4.x?

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List <list-boun...@lists.pfsense.org> On Behalf Of Bryan D.
Sent: Wednesday, April 4, 2018 8:01 PM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: [pfSense] DNS over TLS config for pfSense 2.2.6

Re: https://www.netgate.com/blog/dns-over-tls-with-pfsense.html
---
Applying the suggested "Custom Options" to the Unbound/DNS Resolver
configuration in pfSense 2.2.6 does not work, with logs indicating that
"forward-ssl-upstream" is invalid.

I tried various incantations using "server:<newline>ssl-upstream: yes"
with and without "ssl-port: 853" and, although the unbound service would
then run, a DNS/host query always indicated that no hosts were found.

Does anyone know a configuration that will work with pfSense 2.2.6?

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Reply via email to