I have an existing DNS server running BIND9, and the DNS for my domain is managed by Cloudflare. I cannot connect to that DNS server over DNS over TLS when I address it by my domain name. The dig results below show that queries succeed when sent to the existing DNS server directly, but time out when I point at my domain, for both plain DNS (port 53) and DNS over TLS (port 853). I have attached my pfSense configuration. My goal is to connect to the existing DNS server over DNS over TLS via my domain.
x.x.com = my domain
x.x.x.x = my public ip address
root@hxhdns:~# dig google.com
; <<>> DiG 9.18.24-1+ubuntu22.04.1+deb.sury.org+1-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16761
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 205 IN A 142.251.175.101
google.com. 205 IN A 142.251.175.138
google.com. 205 IN A 142.251.175.139
google.com. 205 IN A 142.251.175.100
google.com. 205 IN A 142.251.175.102
google.com. 205 IN A 142.251.175.113
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Mar 30 10:28:59 +08 2024
;; MSG SIZE rcvd: 135
root@hxhdns:~# dig @x.x.com google.com
;; communications error to x.x.x.x#53: timed out
;; communications error to x.x.x.x#53: timed out
;; communications error to x.x.x.x#53: timed out
; <<>> DiG 9.18.24-1+ubuntu22.04.1+deb.sury.org+1-Ubuntu <<>> @x.x.com google.com
; (1 server found)
;; global options: +cmd
;; no servers could be reached
root@hxhdns:~# dig google.com +tls
; <<>> DiG 9.18.24-1+ubuntu22.04.1+deb.sury.org+1-Ubuntu <<>> google.com +tls
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10244
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: caaf9b54f3c6ebc5010000006607791628c015fecd442601 (good)
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 162 IN A 142.251.175.139
google.com. 162 IN A 142.251.175.102
google.com. 162 IN A 142.251.175.100
google.com. 162 IN A 142.251.175.101
google.com. 162 IN A 142.251.175.113
google.com. 162 IN A 142.251.175.138
;; Query time: 0 msec
;; SERVER: 127.0.0.53#853(127.0.0.53) (TLS)
;; WHEN: Sat Mar 30 10:29:42 +08 2024
;; MSG SIZE rcvd: 163
root@hxhdns:~# dig @x.x.com google.com +tls
;; Connection to x.x.x.x#853(x.x.x.x) for google.com failed: timed out.
;; no servers could be reached
;; Connection to x.x.x.x#853(x.x.x.x) for google.com failed: timed out.
;; no servers could be reached
;; Connection to x.x.x.x#853(x.x.x.x) for google.com failed: timed out.
;; no servers could be reached
root@hxhdns:~#
pfsense_network_address_translation.jpg
pfsense_port_forward.jpg
pfsense_firewall.jpg