Set up DNSSEC and DNS over TCP on pfSense
Apr 18, 2021
In the video below, we show you how to set up DNSSEC and DNS over TCP on pfSense.
We go over the basics of why traditional DNS using UDP port 53 is vulnerable to exploitation and how DNSSEC addresses this.
In other words, classical DNS does not validate the server that it connects to, nor does it check where the response comes from.
We begin with how to use pfSense as a DNS forwarder for public DNS queries.
Then we show you how to enable DNS over TLS (DoT) and how it encrypts the DNS requests.
By doing so, we can avoid man-in-the-middle attacks as well as keep our Internet connectivity more private.
Finally, we update our Lab network to use the pfSense firewalls so that our public DNS requests will use DNSSEC and DoT going forward.
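
One way to check from a lab client that the resolver is actually validating DNSSEC, as an added example that is not from the original post or video: build a query with the EDNS0 DO bit set and inspect the AD (Authenticated Data) flag in the reply header. The function names are hypothetical and the sample replies are constructed header-only messages.

```python
import struct

# DNS header flag masks (RFC 1035, RFC 4035)
QR, AD, RCODE_MASK = 0x8000, 0x0020, 0x000F
SERVFAIL = 2

def build_query(name, qtype=1, txid=0x1234):
    """Build a recursive query with an EDNS0 OPT record that sets the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)            # class IN
    # OPT RR: root name, type 41, class = UDP payload size, TTL carries flags (DO = 0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def classify_response(msg, expected_txid):
    """Classify a reply by its header: validated, unvalidated, servfail or mismatch."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags = struct.unpack("!HH", msg[:4])
    if not flags & QR or txid != expected_txid:
        return "mismatch"        # not a reply, or not the reply to our query
    rcode = flags & RCODE_MASK
    if rcode == SERVFAIL:
        return "servfail"        # validation failure or upstream error
    if rcode == 0 and flags & AD:
        return "validated"       # resolver vouches that DNSSEC validation passed
    return "unvalidated"         # answer was returned without DNSSEC validation

# Constructed sample replies (header only), not captured traffic.
SAMPLE_VALIDATED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 0, 0, 0, 0)    # QR|RD|RA|AD
SAMPLE_UNVALIDATED = struct.pack("!HHHHHH", 0x1234, 0x8180, 0, 0, 0, 0)  # QR|RD|RA
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 0, 0, 0, 0)     # rcode 2

if __name__ == "__main__":
    for label, reply in [("signed zone", SAMPLE_VALIDATED),
                         ("unsigned zone", SAMPLE_UNVALIDATED),
                         ("broken signature", SAMPLE_SERVFAIL)]:
        print(label, "->", classify_response(reply, 0x1234))
```

The AD flag is only as trustworthy as the path between the client and the resolver, so this check is meaningful for a resolver on the local lab network.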