{"id":11973,"date":"2024-02-28T15:56:22","date_gmt":"2024-02-28T07:56:22","guid":{"rendered":"https:\/\/blog.pfchina.org\/?p=11973"},"modified":"2024-03-03T10:46:47","modified_gmt":"2024-03-03T02:46:47","slug":"opnsense-%e9%85%8d%e7%bd%aedot","status":"publish","type":"post","link":"https:\/\/blog.pfchina.org\/?p=11973","title":{"rendered":"OPNsense\u914d\u7f6eDNS over TLS"},"content":{"rendered":"<p style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\"><span class=\"VIpgJd-yAWNEb-VIpgJd-fmcmS-sn54Q\">OPNsense \u662f\u4e00\u6b3e\u57fa\u4e8e FreeBSD \u7684\u5f00\u6e90\u8def\u7531\u548c\u9632\u706b\u5899\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u8fd8\u53ef\u4ee5\u4f5c\u4e3a\u6240\u6709\u79fb\u52a8\u8bbe\u5907\u548c\u53f0\u5f0f\u673a\u7684 DNS \u89e3\u6790\u5668\u3002\u4f46\u662f\uff0c\u6240\u6709 DNS \u67e5\u8be2\u90fd\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u4f20\u8f93\u3002<\/span><span class=\"VIpgJd-yAWNEb-VIpgJd-fmcmS-sn54Q\">ISP\u6216\u9ed1\u5ba2\u53ef\u4ee5\u62e6\u622a\u901a\u8fc7 UDP \u548c TCP 53 \u7aef\u53e3\u4ee5\u7eaf\u6587\u672c\u5f62\u5f0f\u4f20\u8f93\u7684\u6d41\u91cf\uff0c\u4ece\u800c\u7834\u574fDNS \u67e5\u8be2\u548c\u54cd\u5e94\u3002\u51fa\u4e8e\u5b89\u5168\u76ee\u7684\uff0c\u6709\u5fc5\u8981\u52a0\u5bc6DNS\u7684\u67e5\u8be2\u3002DNS over TLS (DoT) \u662f\u4e00\u79cd\u5229\u7528\u4f20\u8f93\u5c42\u5b89\u5168\u6027 (TLS) \u52a0\u5bc6<\/span><span class=\"VIpgJd-yAWNEb-VIpgJd-fmcmS-sn54Q\">DNS<\/span><span class=\"VIpgJd-yAWNEb-VIpgJd-fmcmS-sn54Q\">\u6d41\u91cf\u7684\u5b89\u5168\u534f\u8bae<\/span><span class=\"VIpgJd-yAWNEb-VIpgJd-fmcmS-sn54Q\">\uff0c\u4e5f\u662f\u6700\u5e38\u89c1\u7684<\/span><span class=\"VIpgJd-yAWNEb-VIpgJd-fmcmS-sn54Q\">DNS \u5b89\u5168<\/span><span class=\"VIpgJd-yAWNEb-VIpgJd-fmcmS-sn54Q\">\u89e3\u51b3\u65b9\u6848\u4e4b\u4e00\u3002\u4e3b\u8981\u76ee\u7684\u662f\u589e\u5f3a\u4e2a\u4eba\u7684\u5b89\u5168\u548c\u9690\u79c1\u3002DNS over TLS 
\u7684\u4e00\u4e9b\u4f18\u70b9\u5982\u4e0b\uff1a<\/span><\/p>\n<ul style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u9632\u6b62 DNS \u64cd\u7eb5\u3002<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u6d88\u9664\u4e2d\u95f4\u4eba\u653b\u51fb\u3002<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u9632\u6b62\u95f4\u8c0d\u6d3b\u52a8\u3002<\/li>\n<\/ul>\n<div class=\"ideal-image\" style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<div data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\"><a href=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11988\" src=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls.png\" alt=\"DNS over TLS\" width=\"1920\" height=\"1080\" srcset=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls.png 1920w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-300x169.png 300w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-1024x576.png 1024w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-768x432.png 768w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-1536x864.png 1536w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><\/a><\/div>\n<\/div>\n<p style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u672c\u6559\u7a0b\u5c06\u6559\u60a8\u5982\u4f55\u914d\u7f6eOPNsense 
DNS\u89e3\u6790\u5668\u6765\u52a0\u5bc6\u6240\u6709\u7684DNS\u67e5\u8be2\uff0c\u4ee5\u9632\u6b62\u88ab\u76d1\u89c6\u5e76\u589e\u5f3a\u5728\u7ebf\u9690\u79c1\u548c\u5b89\u5168\u6027\u3002\u4e3b\u8981\u5206\u4ee5\u4e0b\u4e09\u4e2a\u6b65\u9aa4\uff1a<\/p>\n<ul>\n<li>\u5728 OPNsense\u4e0a\u542f\u7528DoT<\/li>\n<li>\u914d\u7f6eDNS\u548cDHCP\u670d\u52a1\u5668<\/li>\n<li>\u9a8c\u8bc1DoT \u914d\u7f6e<\/li>\n<\/ul>\n<h1 class=\"anchor anchorWithStickyNavbar_LWe7\" style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u6dfb\u52a0DoT<\/h1>\n<p style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">OPNSense \u9632\u706b\u5899\u4f7f\u7528\u7531 NLnet Labs \u5f00\u53d1\u7684 Unbound DNS \u4f5c\u4e3a\u5176\u9ed8\u8ba4 DNS \u63d0\u4f9b\u7a0b\u5e8f\uff0c\u8be5\u63d0\u4f9b\u7a0b\u5e8f\u5df2\u9884\u5148\u5b89\u88c5\u5e76\u9ed8\u8ba4\u6fc0\u6d3b\u3002Unbound DNS \u662f\u4e00\u6b3e\u5168\u9762\u7684 DNS \u89e3\u6790\u5668\uff0c\u80fd\u591f\u4e0e\u4e92\u8054\u7f51\u4e0a\u7684DNS \u6839\u670d\u52a1\u5668\u5efa\u7acb\u76f4\u63a5\u901a\u4fe1\u3002Unbound DNS \u63d0\u4f9b\u9a8c\u8bc1\u3001\u9012\u5f52\u548c\u7f13\u5b58 DNS \u529f\u80fd\uff0c\u8fd9\u4e9b\u529f\u80fd\u4f18\u4e8e\u666e\u901a\u8def\u7531\u5668\u4e2d\u7684\u6807\u51c6 DNS \u8f6c\u53d1\u5668\u3002<\/p>\n<p style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u8981\u5728OPNsense\u9632\u706b\u5899\u4e0a\u914d\u7f6e\u548c\u542f\u7528 DoT \uff0c\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u64cd\u4f5c\uff1a<\/p>\n<ol style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p 
data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u5bfc\u822a\u5230\u670d\u52a1\u2192Unbound DNS\u00a0\u2192\u00a0DNS over TLS \u3002<\/p>\n<div class=\"ideal-image\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\"><a href=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-settings-on-opnsense.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11989\" src=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-settings-on-opnsense.png\" alt=\"Unbound DNS: DNS over TLS settings\" width=\"1910\" height=\"768\" srcset=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-settings-on-opnsense.png 1910w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-settings-on-opnsense-300x121.png 300w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-settings-on-opnsense-1024x412.png 1024w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-settings-on-opnsense-768x309.png 768w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dns-over-tls-settings-on-opnsense-1536x618.png 1536w\" sizes=\"auto, (max-width: 1910px) 100vw, 1910px\" \/><\/a><\/div>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u5355\u51fb\u53f3\u4e0b\u89d2\u6dfb\u52a0\u6309\u94ae\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u9009\u4e2d\u201c\u542f\u7528\u201d\u9009\u9879\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p 
data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u53ef\u4ee5\u5c06\u57df\u5b57\u6bb5\u7559\u7a7a\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5c06\u6b64\u5b57\u6bb5\u7559\u7a7a\u4f1a\u5c06\u6240\u6709\u67e5\u8be2\u5b9a\u5411\u5230\u6307\u5b9a\u670d\u52a1\u5668\u3002\u5728\u6b64\u5b57\u6bb5\u4e2d\u8f93\u5165\u57df\u5c06\u5bfc\u81f4\u5c06\u8be5\u7279\u5b9a\u57df\u7684\u67e5\u8be2\u5b9a\u5411\u5230\u6240\u9009\u670d\u52a1\u5668\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u8f93\u5165DNS \u670d\u52a1\u5668\u7684IP \u5730\u5740\uff0c\u6765\u8f6c\u53d1\u6240\u6709\u8bf7\u6c42\uff0c\u4f8b\u59828.8.8.8\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u5c06\u670d\u52a1\u5668\u7aef\u53e3\u8bbe\u7f6e\u4e3aDoT\u4f7f\u7528\u7684853\u7aef\u53e3\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u5728\u201c\u9a8c\u8bc1 CN\u201d\u5b57\u6bb5\u4e2d\u8f93\u5165 DNS \u670d\u52a1\u5668\u7684\u901a\u7528\u540d\u79f0\uff08\u4f8b\u5982 dns.google.com\uff09\uff0c\u4ee5\u9a8c\u8bc1\u5176 TLS \u8bc1\u4e66\u3002\u9664\u975e\u53ef\u4ee5\u786e\u8ba4\u8bc1\u4e66\u7684\u771f\u5b9e\u6027\uff0c\u5426\u5219 DNS-over-TLS \u5bb9\u6613\u53d7\u5230\u4e2d\u95f4\u4eba\u653b\u51fb\u3002\u60a8\u53ef\u4ee5\u5c06\u8be5\u5b57\u6bb5\u7559\u7a7a\u4ee5\u63a5\u53d7\u81ea\u7b7e\u540d\u8bc1\u4e66\uff0c\u4f46\u8fd9\u7c7b\u8bc1\u4e66\u53ef\u80fd\u662f\u4f2a\u9020\u7684\u3002<\/p>\n<div class=\"ideal-image\" 
data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\"><a href=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/edit-dns-server.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11990\" src=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/edit-dns-server.png\" alt=\"Adding DNS over TLS server\" width=\"998\" height=\"410\" srcset=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/edit-dns-server.png 998w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/edit-dns-server-300x123.png 300w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/edit-dns-server-768x316.png 768w\" sizes=\"auto, (max-width: 998px) 100vw, 998px\" \/><\/a><\/div>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u5355\u51fb\u201c\u4fdd\u5b58\u201d\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u5982\u679cISP\u652f\u6301IPv6\uff0c\u8fd8\u53ef\u4ee5\u6dfb\u52a0 IPv6 DNS \u670d\u52a1\u5668\u4f5c\u4e3a\u8f85\u52a9 DNS \u89e3\u6790\u5668\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u5355\u51fb\u201c\u5e94\u7528\u201d\u6765\u6fc0\u6d3b\u8bbe\u7f6e\u3002<\/p>\n<div class=\"ideal-image\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\"><a href=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/apply-dot-settings.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11991\" 
src=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/apply-dot-settings.png\" alt=\"DNS over TLS servers list on OPNsense\" width=\"1581\" height=\"703\" srcset=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/apply-dot-settings.png 1581w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/apply-dot-settings-300x133.png 300w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/apply-dot-settings-1024x455.png 1024w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/apply-dot-settings-768x341.png 768w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/apply-dot-settings-1536x683.png 1536w\" sizes=\"auto, (max-width: 1581px) 100vw, 1581px\" \/><\/a><\/div>\n<\/li>\n<\/ol>\n<h1 class=\"anchor anchorWithStickyNavbar_LWe7\" style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u914d\u7f6eDNS\u548cDHCP<\/h1>\n<p style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u4e3a\u4e86\u5f3a\u5236\u7f51\u7edc\u4e0a\u7684\u6240\u6709\u5ba2\u6237\u7aef\u4f7f\u7528\u4e0a\u9762\u5b9a\u4e49\u7684 DoT \u670d\u52a1\u5668\uff0c\u8fd8\u5fc5\u987b\u6b63\u786e\u914d\u7f6e DNS \u548c DHCP \u670d\u52a1\u5668\u3002\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5728 OPNsense \u4e0a\u914d\u7f6e DNS \u548c DHCP \u670d\u52a1\uff1a<\/p>\n<ol style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u5bfc\u822a\u81f3\u7cfb\u7edf\u2192\u8bbe\u7f6e\u2192\u5e38\u89c4\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p 
data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u786e\u4fddDNS \u670d\u52a1\u5668\u7684\u6240\u6709\u5b57\u6bb5\u90fd\u4e3a\u7a7a\u3002\u8fd9\u6837\u505a\u662f\u4e3a\u4e86\u4fdd\u8bc1 DNS \u6d41\u91cf\u91cd\u5b9a\u5411\u56de\u9632\u706b\u5899\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u53d6\u6d88\u5141\u8bb8WAN \u4e0a\u7684 DHCP\/PPP \u8986\u76d6 DNS \u670d\u52a1\u5668\u5217\u8868\u9009\u9879\u3002<\/p>\n<div class=\"ideal-image\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\"><a href=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/general-system-settings.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11992\" src=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/general-system-settings.png\" alt=\"DNS servers settings on OPNsense\" width=\"1330\" height=\"820\" srcset=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/general-system-settings.png 1330w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/general-system-settings-300x185.png 300w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/general-system-settings-1024x631.png 1024w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/general-system-settings-768x474.png 768w\" sizes=\"auto, (max-width: 1330px) 100vw, 1330px\" \/><\/a><\/div>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u5355\u51fb\u201c\u4fdd\u5b58\u201d\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" 
data-immersive-translate-paragraph=\"1\">\u5bfc\u822a\u5230\u670d\u52a1\u2192\u00a0ISC DHCPv4\u00a0\u2192\u00a0LAN\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u786e\u4fddDNS \u670d\u52a1\u5668\u5b57\u6bb5\u4e3a\u7a7a\u3002\u5fc5\u987b\u4f7f\u7528\u7cfb\u7edf\u9ed8\u8ba4\u7684 DNS \u670d\u52a1\u5668\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u5982\u679c\u8bbe\u7f6e\u6709\u66f4\u6539\uff0c\u8bf7\u5355\u51fb\u4fdd\u5b58\uff0c\u7136\u540e\u5355\u51fb\u53f3\u4e0a\u89d2\u7684\u5237\u65b0\u6309\u94ae\u3002<\/p>\n<div class=\"ideal-image\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\"><a href=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dhcp-settings.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11993\" src=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dhcp-settings.png\" alt=\"DHCP server settings on OPNsense\" width=\"1893\" height=\"882\" srcset=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dhcp-settings.png 1893w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dhcp-settings-300x140.png 300w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dhcp-settings-1024x477.png 1024w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dhcp-settings-768x358.png 768w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/dhcp-settings-1536x716.png 1536w\" sizes=\"auto, (max-width: 1893px) 100vw, 1893px\" \/><\/a><\/div>\n<\/li>\n<\/ol>\n<div data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<div 
data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u63d0\u793a\uff1a\u4e3a\u4e86\u63d0\u4f9b\u5b89\u5168\u4e14\u7ecf\u8fc7\u9a8c\u8bc1\u7684\u73af\u5883\uff0c\u5efa\u8bae\u5728\u4f7f\u7528 DNS over TLS \u65f6\u4f7f\u7528\u9632\u706b\u5899\u89c4\u5219\u7981\u6b62\u7aef\u53e3 53 \u4e0a\u7684\u4efb\u4f55\u4f20\u51fa DNS \u6d41\u91cf\u3002\u5982\u679c\u5ba2\u6237\u7aef\u9009\u62e9\u81ea\u884c\u76f4\u63a5\u67e5\u8be2\u5176\u4ed6DNS\u670d\u52a1\u5668\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528 NAT \u91cd\u5b9a\u5411\u89c4\u5219\u5c06\u8fd9\u4e9b\u8bf7\u6c42\u53d1\u9001\u5230 127.0.0.1:53\uff0c\u5373\u672c\u5730 Unbound \u670d\u52a1\u3002\u8fd9\u5c06\u786e\u4fdd\u8fd9\u4e9b\u8bf7\u6c42\u53ea\u901a\u8fc7 TLS \u53d1\u9001\u3002<\/div>\n<\/div>\n<p style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\" data-immersive-translate-paragraph=\"1\">\u4ee5\u4e0b\u662f\u56fd\u5916\u5e38\u7528\u7684DoT\u670d\u52a1\u5668\uff1a<\/p>\n<table data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<thead data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<th data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">DNS\u63d0\u4f9b\u5546<\/th>\n<th data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\u670d\u52a1\u5668 IP<\/th>\n<th data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\u7aef\u53e3<\/th>\n<th data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\u9a8c\u8bc1CN<\/th>\n<\/tr>\n<\/thead>\n<tbody data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td 
data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Google<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">8.8.8.8<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">dns.google<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Google<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">8.8.4.4<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">dns.google<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Google<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">2001:4860:4860::8888<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">dns.google<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Google<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">2001:4860:4860::8844<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" 
data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">dns.google<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">1.1.1.1<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">1.0.0.1<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">2606:4700:4700::1111<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare<\/td>\n<td 
data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">2606:4700:4700::1001<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare Security<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">1.1.1.2<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">security.cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare Security<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">1.0.0.2<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">security.cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare Security<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">2606:4700:4700::1112<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" 
data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">security.cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare Security<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">2606:4700:4700::1002<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">security.cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare Family<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">1.1.1.3<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">family.cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare Family<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">1.0.0.3<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">family.cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" 
data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare Family<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">2606:4700:4700::1113<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">family.cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Cloudflare Family<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">2606:4700:4700::1003<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">family.cloudflare-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Quad9<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">9.9.9.9<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">dns.quad9.net<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Quad9<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">149.112.112.112<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td 
data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">dns.quad9.net<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Quad9<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">2620:fe::fe<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">dns.quad9.net<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">Quad9<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">2620:fe::9<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">dns.quad9.net<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">AdGuard DNS<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">94.140.14.14<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\" data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">dns.adguard-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\">AdGuard 
DNS<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">94.140.15.15<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\">dns.adguard-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td data-immersive-translate-paragraph=\"1\">AdGuard Family Protection DNS<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">94.140.14.15<\/td>\n<td data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">853<\/td>\n<td data-immersive-translate-paragraph=\"1\">family.adguard-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td>AdGuard Family Protection DNS<\/td>\n<td>94.140.15.16<\/td>\n<td>853<\/td>\n<td>family.adguard-dns.com<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td>CleanBrowsing DNS<\/td>\n<td>185.228.168.168<\/td>\n<td>853<\/td>\n<td>family-filter-dns.cleanbrowsing.org<\/td>\n<\/tr>\n<tr data-immersive-translate-walked=\"16032d6f-18f9-46a6-80d3-7885f4880bd5\">\n<td>CleanBrowsing DNS<\/td>\n<td>185.228.169.168<\/td>\n<td>853<\/td>\n<td>family-filter-dns.cleanbrowsing.org<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h1 class=\"anchor anchorWithStickyNavbar_LWe7\" style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u9a8c\u8bc1DoT\u914d\u7f6e<\/h1>\n<p style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u53ef\u4ee5\u901a\u8fc7 3 \u79cd\u4e0d\u540c\u7684\u65b9\u5f0f\u9a8c\u8bc1 OPNsense \u4e0a\u7684 DoT \u8bbe\u7f6e\uff1a<\/p>\n<ol style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u4f7f\u7528 tcpdump<\/li>\n<li 
data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u67e5\u770b Unbound DNS \u65e5\u5fd7<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u8fde\u63a5\u5230 Cloudflare DoT \u6d4b\u8bd5\u9875\u9762<\/li>\n<\/ol>\n<h3 id=\"1-using-tcpdump\" class=\"anchor anchorWithStickyNavbar_LWe7\" style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">1. \u4f7f\u7528tcpdump<\/h3>\n<p style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u8981\u9a8c\u8bc1 OPNsense \u662f\u5426\u6b63\u5728\u4f7f\u7528 DNS over TLS \u8fdb\u884c\u67e5\u8be2\uff0c\u53ef\u4ee5\u901a\u8fc7 OPNsense \u547d\u4ee4\u884c\u6267\u884c\u6570\u636e\u5305\u6355\u83b7\uff08vtnet0 \u4e3a\u793a\u4f8b\u63a5\u53e3\u540d\uff0c\u8bf7\u66ff\u6362\u4e3a\u5b9e\u9645\u7684 WAN \u63a5\u53e3\uff1b\u518d\u5bf9\u7aef\u53e3 53 \u505a\u540c\u6837\u7684\u6355\u83b7\uff0c\u786e\u8ba4\u6ca1\u6709\u660e\u6587 DNS \u67e5\u8be2\u53d1\u5f80\u4e0a\u6e38\uff09\uff1a<\/p>\n<div class=\"language-jsx codeBlockContainer_Ckt0 theme-code-block\" style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<div class=\"codeBlockContent_biex\">\n<pre class=\"prism-code language-jsx codeBlock_bY9V thin-scrollbar\" tabindex=\"0\"><code class=\"codeBlockLines_e6Vv\"><span class=\"token-line\"><span class=\"token plain\">tcpdump <\/span><span class=\"token operator\">-<\/span><span class=\"token plain\">i vtnet0 port <\/span><span class=\"token number\">853<\/span>\r\n<\/span><\/code><\/pre>\n<div class=\"buttonGroup__atx\">\u5e94\u8be5\u770b\u5230\u7c7b\u4f3c\u4ee5\u4e0b\u5185\u5bb9\u7684\u8f93\u51fa\uff1a<\/div>\n<\/div>\n<\/div>\n<div class=\"language-jsx codeBlockContainer_Ckt0 theme-code-block\" style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<div class=\"codeBlockContent_biex\">\n<pre class=\"prism-code language-jsx codeBlock_bY9V thin-scrollbar\" tabindex=\"0\"><code class=\"codeBlockLines_e6Vv\"><span class=\"token-line\">tcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on vtnet0, link-type EN10MB 
(Ethernet), capture size 262144 bytes\r\n12:11:49.725590 IP 192.168.0.31.61795 &gt; dns.google.domain-s: Flags [P.], seq 462163878:462164030, ack 4235244077, win 519, options [nop,nop,TS val 2361809916 ecr 3152845993], length 152\r\n12:11:49.756681 IP dns.google.domain-s &gt; 192.168.0.31.61795: Flags [.], ack 152, win 1045, options [nop,nop,TS val 3152863341 ecr 2361809916], length 0\r\n12:11:49.756697 IP 192.168.0.31.61795 &gt; dns.google.domain-s: Flags [P.], seq 152:304, ack 1, win 519, options [nop,nop,TS val 2361809946 ecr 3152863341], length 152\r\n12:11:49.787748 IP dns.google.domain-s &gt; 192.168.0.31.61795: Flags [.], ack 304, win 1045, options [nop,nop,TS val 3152863373 ecr 2361809946], length 0\r\n12:11:49.790739 IP dns.google.domain-s &gt; 192.168.0.31.61795: Flags [P.], seq 1:493, ack 304, win 1045, options [nop,nop,TS val 3152863376 ecr 2361809946], length 492\r\n12:11:49.790757 IP 192.168.0.31.61795 &gt; dns.google.domain-s: Flags [.], ack 493, win 516, options [nop,nop,TS val 2361809986 ecr 3152863376], length 0\r\n12:11:49.815496 IP dns.google.domain-s &gt; 192.168.0.31.61795: Flags [P.], seq 493:985, ack 304, win 1045, options [nop,nop,TS val 3152863400 ecr 2361809946], length 492\r\n12:11:49.815511 IP 192.168.0.31.61795 &gt; dns.google.domain-s: Flags [.], ack 985, win 515, options [nop,nop,TS val 2361810006 ecr 3152863400], length 0\r\n<\/span><\/code><\/pre>\n<h3 class=\"buttonGroup__atx\">2. 
\u67e5\u770bUnbound DNS\u65e5\u5fd7<\/h3>\n<\/div>\n<\/div>\n<p style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u6b64\u5916\uff0c\u53ef\u4ee5\u68c0\u67e5 Unbound DNS \u65e5\u5fd7\u4ee5\u67e5\u770b DNS \u67e5\u8be2\u662f\u5426\u901a\u8fc7\u7aef\u53e3853\u53d1\u9001\u3002\u53ef\u4ee5\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u901a\u8fc7\u67e5\u770b Unbound DNS \u65e5\u5fd7\u6765\u9a8c\u8bc1 OPNsense \u4e0a\u7684 DoT \u914d\u7f6e\uff1a<\/p>\n<ol style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u5bfc\u822a\u5230\u670d\u52a1\u2192Unbound DNS\u00a0\u2192\u9ad8\u7ea7\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u5411\u4e0b\u6eda\u52a8\u5230\u201c\u65e5\u5fd7\u8bbe\u7f6e\u201d\u9879\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u542f\u7528\u65e5\u5fd7\u67e5\u8be2\u9009\u9879\u3002\u8fd9\u5c06\u4e3a\u6bcf\u4e2a\u67e5\u8be2\u6253\u5370\u4e00\u884c\u5230\u65e5\u5fd7\u4e2d\uff0c\u5176\u4e2d\u5305\u542b\u65e5\u5fd7\u65f6\u95f4\u6233\u548c IP \u5730\u5740\u3001\u540d\u79f0\u3001\u7c7b\u578b\u548c\u7c7b\u522b\u3002\u8fd9\u4e9b\u65e5\u5fd7\u4f1a\u8bb0\u5f55\u6bcf\u4e2a\u5ba2\u6237\u7aef\u67e5\u8be2\u7684\u57df\u540d\uff0c\u9a8c\u8bc1\u5b8c\u6210\u540e\u5efa\u8bae\u5173\u95ed\u8be5\u9009\u9879\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u5c06\u65e5\u5fd7\u7ea7\u522b\u8be6\u7ec6\u7a0b\u5ea6\u8bbe\u4e3a Level 2\uff0c\u8be5\u9009\u9879\u5c06\u63d0\u4f9b\u8be6\u7ec6\u7684\u64cd\u4f5c\u4fe1\u606f\u3002<\/p>\n<div class=\"ideal-image\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\"><a 
href=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/unbound-dns-log-settings.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11994\" src=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/unbound-dns-log-settings.png\" alt=\"Unbound DNS Logging Settings on OPNsense\" width=\"1278\" height=\"887\" srcset=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/unbound-dns-log-settings.png 1278w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/unbound-dns-log-settings-300x208.png 300w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/unbound-dns-log-settings-1024x711.png 1024w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/unbound-dns-log-settings-768x533.png 768w\" sizes=\"auto, (max-width: 1278px) 100vw, 1278px\" \/><\/a><\/div>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u5355\u51fb\u9875\u9762\u5e95\u90e8\u7684\u5e94\u7528\u4ee5\u6fc0\u6d3b\u8bbe\u7f6e\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u5bfc\u822a\u5230\u670d\u52a1\u2192Unbound DNS\u00a0\u2192\u65e5\u5fd7\u6587\u4ef6\u3002<\/p>\n<\/li>\n<li data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u5728\u641c\u7d22\u6846\u4e2d\u8f93\u5165853\u3002\u5e94\u8be5\u4f1a\u770b\u5230\u5df2\u914d\u7f6e DNS \u89e3\u6790\u5668\u7684\u56de\u590d\u3002<\/p>\n<div class=\"ideal-image\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\"><a href=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/log-view.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11995\" 
src=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/log-view.png\" alt=\"Viewing Unbound DNS Logs on OPNsense\" width=\"1566\" height=\"464\" srcset=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/log-view.png 1566w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/log-view-300x89.png 300w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/log-view-1024x303.png 1024w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/log-view-768x228.png 768w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/log-view-1536x455.png 1536w\" sizes=\"auto, (max-width: 1566px) 100vw, 1566px\" \/><\/a><\/div>\n<\/li>\n<\/ol>\n<h3 id=\"3-connecting-to-cloudflare-dot-test-page\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">3.Cloudflare DoT\u6d4b\u8bd5\u9875\u9762<\/h3>\n<p style=\"text-align: justify;\" data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">Cloudflare \u5728\u5176<a href=\"https:\/\/1.1.1.1\/help\"><code data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">https:\/\/1.1.1.1\/help<\/code><\/a>\u7f51\u7ad9\u4e0a\u63d0\u4f9b\u4e86\u4e00\u4e2a\u67e5\u8be2\u9875\u9762\uff0c\u5141\u8bb8 Cloudflare \u7528\u6237\u9a8c\u8bc1\u4ed6\u4eec\u5f53\u524d\u4f7f\u7528\u7684\u662f DNS over TLS (DoT) \u8fd8\u662f DNS over HTTPS (DoH)\u3002\u5982\u679c\u4f7f\u7528\u7684\u662f Cloudflare DoT \u670d\u52a1\u5668\uff0c\u60a8\u53ef\u4ee5\u8fde\u63a5\u6d4b\u8bd5\u7f51\u7ad9\uff0c\u7136\u540e\u5e94\u8be5\u4f1a\u770b\u5230\u7c7b\u4f3c\u4e8e\u4e0b\u9762\u7684\u9875\u9762\u3002\u5728\u8c03\u8bd5\u4fe1\u606f\u8868\u4e2d<strong data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\uff0c\u4f7f\u7528<\/strong> DNS over TLS (DoT)\u9009\u9879\u5e94\u8be5\u662f<strong data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\">\u201cYes\u201d<\/strong>\u3002<\/p>\n<div class=\"ideal-image\" style=\"text-align: justify;\" 
data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\"><a href=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/cloudflare-dot-test-results.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11996\" src=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/cloudflare-dot-test-results.png\" alt=\"Cloudflare DoT Test Page\" width=\"960\" height=\"1001\" srcset=\"https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/cloudflare-dot-test-results.png 960w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/cloudflare-dot-test-results-288x300.png 288w, https:\/\/blog.pfchina.org\/wp-content\/uploads\/2024\/02\/cloudflare-dot-test-results-768x801.png 768w\" sizes=\"auto, (max-width: 960px) 100vw, 960px\" \/><\/a><\/div>\n<div data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\"><\/div>\n<p data-immersive-translate-walked=\"7a540527-1cf0-4d9d-9aa8-dae797e8c1db\"><a href=\"https:\/\/www.zenarmor.com\/docs\/network-security-tutorials\/how-to-configure-dot-on-opnsense\">\u539f\u6587\u5730\u5740<\/a>\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OPNsense \u662f\u4e00\u6b3e\u57fa\u4e8e FreeBSD \u7684\u5f00\u6e90\u8def\u7531\u548c\u9632\u706b\u5899\u5e94\u7528\u7a0b\u5e8f\uff0c\u5b83\u8fd8\u53ef &hellip; <a href=\"https:\/\/blog.pfchina.org\/?p=11973\">\u7ee7\u7eed\u9605\u8bfb <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[300],"class_list":["post-11973","post","type-post","status-publish","format-standard","hentry","category-opnsense","tag-dot"],"_links":{"self":[{"href":"https:\/\/blog.pfchina.org\/index.php?rest_route=\/wp\/v2\/posts\/11973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pfchina.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pfchina.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pfchina.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pfchina.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11973"}],"version-history":[{"count":28,"href":"https:\/\/blog.pfchina.org\/index.php?rest_route=\/wp\/v2\/posts\/11973\/revisions"}],"predecessor-version":[{"id":12149,"href":"https:\/\/blog.pfchina.org\/index.php?rest_route=\/wp\/v2\/posts\/11973\/revisions\/12149"}],"wp:attachment":[{"href":"https:\/\/blog.pfchina.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11973"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pfchina.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11973"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pfchina.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}