By default DNS sends every query and response in plaintext on port 53 (normally UDP, falling back to TCP), which means anyone who can see your traffic, such as your ISP or an attacker on the same network, can read exactly which domain names you look up. Even worse, a plaintext reply carries no integrity protection, so an on-path attacker can forge or rewrite the response and send you to a server of their choosing. DNS over TLS (DoT) fixes the path between you and the resolver: queries travel inside a TLS session on TCP port 853, so an eavesdropper only sees that you talked to the resolver, and a forged reply cannot be injected into the session. Two caveats worth knowing: the resolver you forward to still sees every name you look up, so you are choosing whom to trust, and DoT protects the transport, not the data, so keep DNSSEC validation enabled if you want tampering further upstream detected.
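To make the wire-level difference concrete, here is a minimal DNS-over-TLS client written as an added example (not code from the video or from OPNsense). It shows the three things DoT changes: the same DNS message is framed with the 2-byte length prefix of DNS-over-TCP, it is sent inside a TLS session to port 853, and the resolver's certificate is verified against a hostname, not just an IP. The resolver IPs and hostnames are the public ones for Cloudflare, Google and Quad9; `SAMPLE_RESPONSE` is a constructed reply so the parsing path can be exercised offline, and only `query_dot()` needs network access.

```python
"""Minimal DNS-over-TLS (RFC 7858) client, added as an example for the text above."""
import random
import socket
import ssl
import struct
from typing import List, Optional, Tuple

DOT_PORT = 853

# Public DoT resolvers from the page: (IP to connect to, hostname the certificate must match).
DOT_RESOLVERS = {
    "cloudflare": ("1.1.1.1", "cloudflare-dns.com"),
    "google": ("8.8.8.8", "dns.google"),
    "quad9": ("9.9.9.9", "dns.quad9.net"),
}


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Encode a standard recursive query (RD=1) for `name`; qtype 1 is an A record."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name at `off`; return (name, offset after it)."""
    labels: List[str] = []
    end = None
    hops = 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer back to an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg: bytes, expected_txid: int) -> dict:
    """Check the header against the query we sent and pull out the answer records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        rname, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((rname, "A", ttl, socket.inet_ntoa(rdata)))
        else:
            answers.append((rname, rtype, ttl, rdata.hex()))
    # AD bit (0x0020) tells you whether the resolver DNSSEC-validated the answer.
    return {"rcode": flags & 0x000F, "ad": bool(flags & 0x0020), "answers": answers}


def _recv_exact(sock: ssl.SSLSocket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection early")
        buf += chunk
    return buf


def query_dot(name: str, resolver: str = "cloudflare", timeout: float = 5.0) -> dict:
    """Resolve `name` over DoT (needs network access; not exercised offline)."""
    ip, auth_name = DOT_RESOLVERS[resolver]
    txid = random.randrange(0, 0x10000)
    query = build_query(name, txid=txid)
    ctx = ssl.create_default_context()  # chain and hostname verification on by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((ip, DOT_PORT), timeout=timeout) as raw:
        # server_hostname sets SNI and is the name the certificate is checked against
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(struct.pack("!H", len(query)) + query)  # RFC 7858 length prefix
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_response(_recv_exact(tls, length), txid)


# Constructed sample: a reply for an A query on example.com with transaction id 0x1234
# (flags QR+RD+RA, one question, one compressed answer with TTL 300).
SAMPLE_TXID = 0x1234
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x07example\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\x5d\xb8\xd8\x22"
)


def demo() -> dict:
    """Parse the constructed sample offline, the same path a live DoT reply takes."""
    return parse_response(SAMPLE_RESPONSE, SAMPLE_TXID)


if __name__ == "__main__":
    print(demo())
    # print(query_dot("example.com", "quad9"))  # live lookup over TLS to 9.9.9.9:853
```

The `server_hostname` argument is the part people drop when they first try DoT: without it the TLS session still encrypts, but any on-path attacker holding any valid certificate could stand in for the resolver. That is the same check OPNsense performs when you give Unbound a hostname to verify alongside the resolver IP.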
Let's fix this in 5 minutes by enabling DNS over TLS on OPNsense using the free public resolvers from Google, Cloudflare or Quad9, all of which accept DoT on port 853. Ready to take your cyber security to the next level? Let's jump straight into the video.
Links used in the video:
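For reference, this is the Unbound configuration that the OPNsense DNS over TLS settings boil down to, written out here as an added example rather than copied from the video or from OPNsense's generated files. The plaintext forwarders are shown beside the TLS ones so the change is visible; the CA bundle path is the FreeBSD default and is an assumption for your install.

```conf
server:
    # CA bundle Unbound validates resolver certificates against (FreeBSD path, assumption).
    tls-cert-bundle: /usr/local/share/certs/ca-root-nss.crt

# BEFORE: plaintext forwarding on port 53; anyone on-path can read or forge the replies.
# forward-zone:
#     name: "."
#     forward-addr: 1.1.1.1
#     forward-addr: 8.8.8.8

# AFTER: TLS to port 853. The '#hostname' suffix is what Unbound verifies the certificate
# against (the hostname OPNsense asks you to enter next to the server IP); without it the
# session is encrypted but the resolver is not authenticated.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 8.8.8.8@853#dns.google
```

To confirm it took effect, run `tcpdump -ni <wan-interface> port 53` on the firewall while a LAN client browses: you should see no outbound port 53 traffic from the firewall, and `tcpdump -ni <wan-interface> port 853` should show the TLS sessions to the resolvers instead.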
- https://cloud.google.com/dns/docs/dnssec
- https://docs.opnsense.org/manual/unbound.html#dns-over-tls
- https://www.cloudflare.com/learning/dns/dns-over-tls/
- https://www.cloudflare.com/learning/dns/what-is-dns/
- https://www.cloudflare.com/learning/security/threats/on-path-attack/