[Solved] Using unbound along with vpn-policy-based-routing

This mostly depends on personal preferences.
Select a DoT provider that you trust and reconfigure Unbound accordingly.

I think I will chose
Is DNSSEC and DNS over TLS set by default?
Do I just have to change the IP address in the unbound config file?
Does DNS over TLS doesn’t need a key or something within the config?

1 Like

Good, major providers are typically more fault-tolerant.

Yep, for Cloudflare.

The server certificate should be verified using the ca-bundle package and the option tls_index in the unbound config that you should specify according to the link above.


I think I got it...

What does Encrypted SNI mean? Is this relevant for a privat person?

If I get it right the only thing that is visible is, that I am making TLS requests to, right?

ESNI/ECH is a separate feature related to HTTP/HTTPS protocols with its own security implications:

Its support relies on the web server and client browser, so it's unrelated to OpenWrt.


Okay. Thank you very much!

Everything works now as excepted!

1 Like

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.