[Solved] Using unbound along with vpn-policy-based-routing

This mostly depends on personal preferences.
Select a DoT provider that you trust and reconfigure Unbound accordingly.

I think I will choose 1.1.1.1
Is DNSSEC and DNS over TLS set by default?
Do I just have to change the IP address in the unbound config file?
Doesn't DNS over TLS need a key or something within the config?

1 Like

Good, major providers are typically more fault-tolerant.

Yep, for Cloudflare.

The server certificate should be verified using the ca-bundle package and the option tls_index in the unbound config that you should specify according to the link above.

2 Likes
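A check for the point made in the answer above, as an added example that is not part of the original thread: it lists forward zones in an OpenWrt-style Unbound UCI file that enable DNS over TLS but set no `tls_index`, so there is no name to verify the upstream certificate against. Apart from `tls_index`, the option names (`tls_upstream`, `zone_type`, `server`, `zone_name`) are assumptions about the package's UCI schema, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: list DoT zones that have no tls_index (certificate name) set.
# Assumed UCI option names: tls_upstream, zone_type, server, zone_name.

# Constructed sample config, not taken from the thread.
sample_config() {
cat <<'EOF'
config zone 'fwd_cloudflare'
	option zone_type 'forward_zone'
	option tls_upstream '1'
	option tls_index 'cloudflare-dns.com'
	list server '1.1.1.1'
	list zone_name '.'

config zone 'fwd_noverify'
	option zone_type 'forward_zone'
	option tls_upstream '1'
	list server '1.0.0.1'
	list zone_name 'example.'
EOF
}

# Read a UCI file on stdin; print each zone with TLS upstream on and no tls_index.
audit_dot_zones() {
	awk -v q="'" '
	function unquote(s) { gsub("[" q "\"]", "", s); return s }
	function report() { if (inzone && tls && idx == "") print zone }
	$1 == "config" {
		report()                       # close the previous section
		inzone = ($2 == "zone")
		zone = ($3 != "") ? unquote($3) : "(anonymous)"
		tls = 0; idx = ""
		next
	}
	inzone && $1 == "option" && $2 == "tls_upstream" { tls = (unquote($3) ~ /^(1|on|true|yes)$/) }
	inzone && $1 == "option" && $2 == "tls_index"    { idx = unquote($3) }
	END { report() }
	'
}

sample_config | audit_dot_zones
```

On a router the same function can read the real file, for example `audit_dot_zones < /etc/config/unbound`; empty output means every DoT zone names the certificate it expects.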

I think I got it...

What does Encrypted SNI mean? Is this relevant for a private person?

If I get it right, the only thing that is visible is that I am making TLS requests to 1.1.1.1, right?

ESNI/ECH is a separate feature related to HTTP/HTTPS protocols with its own security implications:
https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications

Its support relies on the web server and client browser, so it's unrelated to OpenWrt.

2 Likes

Okay. Thank you very much!

Everything works now as expected!

1 Like

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

3 Likes