OPNsense set up and configure DNS Over TLS (DoT)

OPNsense is an open-source, FreeBSD-based firewall and routing security software that also acts as a DNS resolver for all of your desktops and mobile devices. Learn how to configure the OPNsense DNS resolver to encrypt all DNS queries to protect from eavesdropping and increase your privacy and security online in this tutorial.

All DNS queries routed using plaintext. We either use UDP and TCP protocol 53 in plaintext, and your ISP or an attacker/hacker can monitor transmissions even if you use HTTPS, the DNS queries and answers of the site leaked. Hence we need to encrypt our DNS queries to protect ourselves. DNS over TLS (DoT) is nothing but a security protocol for encrypting DNS traffic using the Transport Layer Security (TLS) protocol. The main objective is to increase your security and privacy. Some benefits of DNS over TLS:

• Avoid manipulation DNS.
• Get rid of man-in-the-middle attacks.
• No more eavesdropping.