|
|
|
|
@ -244,24 +244,31 @@ YoYo List https://pgl.yoyo.org/adservers/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------
|
|
|
|
|
Custom Forwarding
|
|
|
|
|
-------------------------
|
|
|
|
|
Query Forwarding
|
|
|
|
|
-------------------------
|
|
|
|
|
|
|
|
|
|
Enabling Query Forwarding in Unbound-->General lets Unbound use the configured system nameservers to
|
|
|
|
|
forward queries to. Since this does not allow for fine-grained control, the Custom Forwarding section allows for
|
|
|
|
|
entering arbitrary nameservers to forward queries to. It is assumed that the nameservers entered here are capable
|
|
|
|
|
of handling further recursion for any query. In this section you are able to specify nameservers to forward to
|
|
|
|
|
for specific domains queried by clients, catch all domains and specify nondefault ports.
|
|
|
|
|
The Query Forwarding section allows for entering arbitrary nameservers to forward queries to. It is assumed
|
|
|
|
|
that the nameservers entered here are capable of handling further recursion for any query. In this section
|
|
|
|
|
you are able to specify nameservers to forward to for specific domains queried by clients, catch all domains
|
|
|
|
|
and specify nondefault ports.
|
|
|
|
|
|
|
|
|
|
=====================================================================================================================
|
|
|
|
|
|
|
|
|
|
==================================== ===============================================================================
|
|
|
|
|
Use System Namerservers The configured system nameservers will be used to forward queries to.
|
|
|
|
|
This will override any entry made in the custom forwarding grid, except for
|
|
|
|
|
entries targeting a specific domain. If there are no system nameservers, you
|
|
|
|
|
will be prompted to add one in `General <settingsmenu.html#general>`__.
|
|
|
|
|
If you expected a DNS server from your WAN and it's not listed, make sure you
|
|
|
|
|
set "Allow DNS server list to be overridden by DHCP/PPP on WAN" there as well.
|
|
|
|
|
==================================== ===============================================================================
|
|
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
|
|
|
|
Keep in mind that if Query Forwarding in Unbound-->General is enabled, the system nameservers will be preferred
|
|
|
|
|
over any **catch-all entry** in both Custom Forwarding and DNS-over-TLS, this means that entries with a specific domain
|
|
|
|
|
Keep in mind that if the "Use System Nameservers" checkbox is checked, the system nameservers will be preferred
|
|
|
|
|
over any **catch-all entry** in **both** Query Forwarding and DNS-over-TLS, this means that entries with a specific domain
|
|
|
|
|
will still be forwarded to the specified nameserver.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
==================================== ===============================================================================
|
|
|
|
|
Enabled Enable query forwarding for this domain.
|
|
|
|
|
Domain Domain of the host. All queries for this domain will be forwarded to the
|
|
|
|
|
@ -276,13 +283,13 @@ Port Specify the port used by the DNS server. D
|
|
|
|
|
DNS over TLS
|
|
|
|
|
-------------------------
|
|
|
|
|
|
|
|
|
|
DNS over TLS uses the same logic as Custom Forwarding, except it uses TLS for transport.
|
|
|
|
|
DNS over TLS uses the same logic as Query Forwarding, except it uses TLS for transport.
|
|
|
|
|
|
|
|
|
|
=====================================================================================================================
|
|
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
|
|
|
|
Please be aware of interactions between Custom Forwarding and DNS over TLS. Since the same principle as Custom
|
|
|
|
|
Please be aware of interactions between Query Forwarding and DNS over TLS. Since the same principle as Query
|
|
|
|
|
Forwarding applies, a **catch-all entry** specified in both sections will be considered a duplicate zone.
|
|
|
|
|
In our case DNS over TLS will be preferred.
|
|
|
|
|
|
|
|
|
|
@ -295,7 +302,7 @@ Domain Domain of the host. All queries for this d
|
|
|
|
|
Server IP Address of the DNS server to be used for recursive resolution.
|
|
|
|
|
Port Specify the port used by the DNS server. Always enter port 853 here unless
|
|
|
|
|
there is a good reason not to, such as when using an SSH tunnel.
|
|
|
|
|
Verify CN The name to use for certificate verification, e.g. "445b9e.dns.nextdns.io"
|
|
|
|
|
Verify CN The name to use for certificate verification, e.g. "445b9e.dns.nextdns.io".
|
|
|
|
|
Used by Unbound to check the TLS authentication certificates.
|
|
|
|
|
It is strongly discouraged to omit this field since man-in-the-middle attacks
|
|
|
|
|
will still be possible.
|
|
|
|
|
|
Stephan de Wit
2 years ago