Menu
ls111's Cybersecurity Blog
  • Home
  • Contact
ls111's Cybersecurity Blog

DNS Over TLS on OPNSense – Extra Online Privacy Using Encryption

Posted on October 5, 2022September 19, 2023 by wp_writer
In this video I am going to show you how to use the built-in features that comes with the Unbound DNS service on your OPNSense firewall, to unlock additional privacy and security by using DNS over TLS to encrypt all your DNS transmissions over your network.

DNS by default sends all requests and responses in plaintext on UDP port 53, which means that anyone eavesdropping on your transmission such as a ISP or hacker can see exactly which websites you are going to, and even worse opens you up to in-path attacks where a hacker can manipulate the DNS response sending you to a site of their choosing.

Lets fix this in 5 minutes by enabling DNS over TLS on OPNsense using free DNS services provided by Google, Cloudflare or Quad9. Ready to take your cyber security to the next level? Lets jump straight into the video.

Links used in video:

  • https://cloud.google.com/dns/docs/dnssec
  • https://docs.opnsense.org/manual/unbound.html#dns-over-tls
  • https://www.cloudflare.com/learning/dns/dns-over-tls/
  • https://www.cloudflare.com/learning/dns/what-is-dns/
  • https://www.cloudflare.com/learning/security/threats/on-path-attack/

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Welcome to my blog! I discuss and showcase various cybersecurity topics. If you prefer to learn through watching video, please check out my YouTube channel, most of the content here also has a video version.

YouTube Channel
GitHub

Search by Category

  • Active Directory
  • Blue Team/Defensive
  • Cyber Security Lab Building Series
  • datadog
  • docker
  • Elasticsearch
  • General Cybersecurity
  • Kibana
  • Logstash
  • Network Security
  • OPNSense Firewall
  • Red Team/Pen Testing
  • SASE
  • Security Compliance
  • SIEM
  • Splunk Enterprise
  • TryHackMe Labs
  • Ubuntu Linux
  • Virtualization
  • Wazuh SIEM & XDR
  • Zenarmor NGFW

Search by Date

  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • December 2022
  • October 2022
  • September 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021

Recent Posts

  • Threat hunting made easy using the Community ID Network Flow Hashing capabilities built into Zenarmor and ELK (Elasticsearch, Logstash, and Kibana)
  • Considering migrating from pfSense to OPNsense? A guide to making your decision process easier
  • Integrating Zenarmor with Datadog – An MSSP and Business User Guide
  • How to integrate Zenarmor with Splunk Enterprise using Splunk Connect for Syslog (SC4S)
  • Integrating Zenarmor with your ELK stack (Elasticsearch, Logstash, and Kibana)

DISCLAIMER: All information, techniques and tools showcased on this website are for educational and ethical penetration testing purposes ONLY. NEVER attempt to use this information to gain unauthorized access to systems without the EXCPLICIT consent of its owners. This is a punishable offence by law in most countries.

©2025 ls111's Cybersecurity Blog | Powered by Superb Themes