I am using Arch Linux and would like to set up my computer to resolve anything through Cloudflare in the most secure way. I am using NetworkManager, resolvconf and unbound. NetworkManager has no global DNS setting, so I configured resolvconf to always use the local host as DNS, where unbound is listening for requests. This should totally ignore the DNS settings I am getting from DHCP servers.
My unbound forward zone config is:
    forward-zone:
        name: "."
        forward-tls-upstream: yes
        ## Cloudflare DNS
        forward-addr: 1.1.1.1@853
        forward-addr: 1.0.0.1@853
        ## IPv6 Cloudflare DNS over TLS
        forward-addr: 2606:4700:4700::1111@853
        forward-addr: 2606:4700:4700::1001@853
Everything seems to work. I can see with tcpdump that DNS requests are encrypted and go to Cloudflare servers, even though NetworkManager tells me something else.
However, 1.1.1.1/help tells me I am neither connected to 1.1.1.1, nor using DoH/DoT/WARP. What is this check actually doing? How can I make sure my setup is proper?
Any more recommendations?
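A point worth checking in a setup like the one above, as an added example that is not part of the original post: tcpdump can confirm that the queries are encrypted, but not that unbound is verifying who it is talking to. In unbound, `forward-tls-upstream: yes` only turns on TLS; the upstream certificate is checked against a CA store only if `tls-cert-bundle` (or `tls-system-cert`) is set in the `server:` clause, and the expected hostname is pinned only if the `forward-addr` carries a `#authname` suffix (`IP@port#name`, per unbound.conf(5)). The script below is a small offline linter for these properties. The two configurations it checks are constructed for this example; the CA bundle path is the Arch `ca-certificates` location and `cloudflare-dns.com` is Cloudflare's published DNS-over-TLS auth name.

```python
"""Static check of an unbound.conf for *authenticated* DNS over TLS forwarding.

Added example, not the poster's configuration and not part of unbound.
The sample configs below are constructed here for illustration.
"""
from __future__ import annotations

import re

# forward-addr syntax from unbound.conf(5): IP[@port][#authname]
FORWARD_ADDR_RE = re.compile(r"^(?P<host>[^@#\s]+)(?:@(?P<port>\d+))?(?:#(?P<auth>\S+))?$")

# Constructed sample: TLS is on, so traffic is encrypted, but no CA bundle is
# configured and no auth name is pinned, so any server answering on 853 for
# these addresses would be accepted.
WEAK_CONF = """
server:
    interface: 127.0.0.1

forward-zone:
    name: "."
    forward-tls-upstream: yes
    ## Cloudflare DNS
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
    ## IPv6 Cloudflare DNS over TLS
    forward-addr: 2606:4700:4700::1111@853
    forward-addr: 2606:4700:4700::1001@853
"""

# Constructed sample: same upstreams, now with a CA bundle to verify against
# (Arch path, assumed) and the certificate name pinned on every address.
HARDENED_CONF = """
server:
    interface: 127.0.0.1
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
"""


def parse_unbound(text: str) -> list[tuple[str, dict[str, list[str]]]]:
    """Parse the clause/option subset of unbound.conf used here.

    Returns [(clause_name, {option: [values...]}), ...] in file order.
    Only full-line comments are dropped, because '#' inside a value is the
    authname separator of forward-addr, not a comment.
    """
    clauses: list[tuple[str, dict[str, list[str]]]] = []
    current: tuple[str, dict[str, list[str]]] | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if value == "":  # clause header such as "server:" or "forward-zone:"
            current = (key, {})
            clauses.append(current)
            continue
        if current is None:  # options before any header belong to server:
            current = ("server", {})
            clauses.append(current)
        current[1].setdefault(key, []).append(value.strip('"'))
    return clauses


def lint(text: str) -> list[str]:
    """Return human-readable findings; an empty list means every zone is
    forwarded over TLS with certificate verification and a pinned name."""
    findings: list[str] = []
    clauses = parse_unbound(text)

    server: dict[str, list[str]] = {}
    for name, opts in clauses:
        if name == "server":
            for key, values in opts.items():
                server.setdefault(key, []).extend(values)
    # Without a CA store unbound cannot verify the upstream certificate at all.
    verifies_certs = ("tls-cert-bundle" in server
                      or server.get("tls-system-cert", ["no"])[-1] == "yes")

    for name, opts in clauses:
        if name != "forward-zone":
            continue
        zone = opts.get("name", ["?"])[-1]
        if opts.get("forward-tls-upstream", ["no"])[-1] != "yes":
            findings.append(f"zone {zone}: forward-tls-upstream is not yes; queries leave in cleartext")
            continue
        if not verifies_certs:
            findings.append(f"zone {zone}: no tls-cert-bundle/tls-system-cert in server:; "
                            "upstream certificate is not verified")
        for addr in opts.get("forward-addr", []):
            m = FORWARD_ADDR_RE.match(addr)
            if not m:
                findings.append(f"zone {zone}: cannot parse forward-addr {addr!r}")
                continue
            if m.group("port") != "853":
                findings.append(f"zone {zone}: {addr} is not on port 853 (unbound defaults to 53)")
            if not m.group("auth"):
                findings.append(f"zone {zone}: {addr} has no #authname; server name is not pinned")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = lint(conf)
        print(f"{label}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

Run it against your real `/etc/unbound/unbound.conf` by passing its contents to `lint()`; the weak sample above, which is the shape of the configuration in the question, produces one finding for the missing CA bundle and one per address for the missing auth name, while the hardened sample produces none.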