This is how you enable DNS over TLS in pfSense to encrypt your DNS queries.
We will be using the Cloudflare DNS servers; other resolvers you can use are listed in the table at the bottom of this article.
Navigate to System > General > DNS Server Settings.
Add your DNS servers (i.e. 1.1.1.2 and 1.0.0.2).
Then Save.

Navigate to Services > DNS Resolver > General Settings
Under DNS Query Forwarding, enable both of the following: Enable Forwarding Mode and Use SSL/TLS for outgoing DNS Queries to Forwarding Servers.
Then Save and Apply.

| Host | IP addresses | TLS Ports | Hostname for TLS authentication |
|------|--------------|-----------|--------------------------------|
| Quad9 malware blocking | 9.9.9.9 | 853 | dns.quad9.net |
| Quad9 'insecure' | 9.9.9.10 | 853 | dns.quad9.net |
| Cloudflare | 1.1.1.1 or 1.0.0.1 | 853 | cloudflare-dns.com |
| Cloudflare malware blocking | 1.1.1.2 or 1.0.0.2 | 853 | cloudflare-dns.com |
| CleanBrowsing | 185.228.168.9:853 and 185.228.169.9:853 | 853 | see the CleanBrowsing website |
| AdGuard (blocks ads and malware) | 176.103.130.130 or 176.103.130.131 | 853 | https://adguard.com/en/blog/adguard-dns-announcement/ |
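As an added check that is not part of the original article: pfSense's DNS Resolver is Unbound, and the two GUI options above correspond to an Unbound forward-zone with `forward-tls-upstream: yes` and forwarders written `IP@853#hostname`, the hostname being the "Hostname for TLS authentication" column of the table. The script below inspects a config text for exactly that shape; the two configs it tests are constructed, and the live file path `/var/unbound/unbound.conf` is an assumption about the pfSense layout.

```shell
#!/bin/sh
# Added example, not from the original article. Checks an Unbound config text
# for authenticated DNS over TLS forwarding: forward-tls-upstream must be yes and
# every forward-addr must be IP@853#hostname. Without the #hostname, Unbound
# cannot verify the server certificate against a name, so the TLS session is
# encrypted but not authenticated. Sample configs below are constructed; on
# pfSense the live file is assumed to be /var/unbound/unbound.conf.

# check_dot_config CONFIG_TEXT
# Returns 0 when forwarding is TLS and every forwarder uses port 853 with an
# authentication hostname; otherwise prints what is wrong and returns 1.
check_dot_config() {
    conf="$1"
    status=0
    if ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*forward-tls-upstream:[[:space:]]*yes'; then
        echo "FAIL: forward-tls-upstream is not 'yes'; forwarded queries leave in cleartext"
        status=1
    fi
    addrs=$(printf '%s\n' "$conf" | awk '/^[[:space:]]*forward-addr:/ {print $2}')
    [ -n "$addrs" ] || { echo "FAIL: no forward-addr entries"; return 1; }
    for a in $addrs; do
        case "$a" in
            *@853#?*) ;;   # port 853 plus a name to verify the certificate against
            *@853) echo "WARN: $a has no #hostname; certificate is not checked, TLS is unauthenticated"; status=1 ;;
            *)     echo "FAIL: $a does not use port 853 (no TLS)"; status=1 ;;
        esac
    done
    return $status
}

# Constructed: the Cloudflare malware-blocking setup from this article, as Unbound sees it.
GOOD_CONF='server:
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.2@853#cloudflare-dns.com
    forward-addr: 1.0.0.2@853#cloudflare-dns.com'

# Constructed: forwarding mode on, but the TLS option forgotten and one server without an auth name.
BAD_CONF='forward-zone:
    name: "."
    forward-addr: 1.1.1.2
    forward-addr: 9.9.9.9@853'

check_dot_config "$GOOD_CONF" && echo "good config: OK"
check_dot_config "$BAD_CONF" || echo "bad config: rejected"
```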