I am using Arch Linux and would like to set up my computer to resolve anything through Cloudflare in the most secure way. I am using NetworkManager, resolvconf and unbound. NetworkManager has no global DNS setting, so I configured resolvconf to always use the local host as DNS, where unbound is listening for requests. This should totally ignore the DNS settings I am getting from DHCP servers.

My unbound forward zone config is:

  forward-zone:
    name: "."
    forward-tls-upstream: yes
    ## Cloudflare DNS over TLS (IPv4), port 853
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
    ## Cloudflare DNS over TLS (IPv6), port 853
    forward-addr: 2606:4700:4700::1111@853
    forward-addr: 2606:4700:4700::1001@853

Everything seems to work. I can see with tcpdump that DNS requests are encrypted and go to Cloudflare servers, even though NetworkManager tells me something else.

However, tells me I am neither connected to, nor using DoH/DoT/WARP. What is this check actually doing? How can I make sure my setup is proper?

Any more recommendations?
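An added check, not part of the original post: a small Python audit of an unbound forward-zone that flags what the question is really about, i.e. plaintext forwarding, a forwarder not on the DoT port 853, and forward-addr entries without a `#authname`, which in unbound means the TLS session is encrypted but the upstream certificate is not verified. The sample zones are constructed from the post's config; `cloudflare-dns.com` as the auth name is an assumption about the name on the upstream's certificate.

```python
import ipaddress
import re

# Constructed sample, modelled on the post's forward-zone (no auth names, as pasted).
UNAUTHENTICATED = """\
forward-zone:
  name: "."
  forward-tls-upstream: yes
  ## Cloudflare DNS
  forward-addr: 1.1.1.1@853
  forward-addr: 2606:4700:4700::1111@853
"""

# Same zone with an auth name appended in unbound's ip@port#authname form (assumed name).
AUTHENTICATED = UNAUTHENTICATED.replace("@853", "@853#cloudflare-dns.com")

# forward-addr value: <ip>[@port][#authname]
ADDR_RE = re.compile(r"^(?P<ip>[^@#]+)(?:@(?P<port>\d+))?(?:#(?P<auth>\S+))?$")


def parse_forward_zone(text):
    """Return (forward_tls_upstream, [(ip, port, authname), ...]) for a forward-zone."""
    tls, addrs = False, []
    for raw in text.splitlines():
        # '#' opens a comment only at line start or after whitespace; inside a
        # forward-addr token it separates the TLS auth name, so keep it there.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "forward-tls-upstream":
            tls = value.lower() in ("yes", "true")
        elif key == "forward-addr":
            m = ADDR_RE.match(value)
            if m is None:
                raise ValueError(f"unparseable forward-addr: {value!r}")
            addrs.append((m.group("ip"), int(m.group("port") or 53), m.group("auth")))
    return tls, addrs


def audit_forward_zone(text):
    """List the reasons this zone does not give authenticated DNS over TLS."""
    tls, addrs = parse_forward_zone(text)
    findings = []
    if not tls:
        findings.append("forward-tls-upstream is not yes: queries leave in plaintext")
    for ip, port, auth in addrs:
        ipaddress.ip_address(ip)  # raises on a malformed address
        if port != 853:
            findings.append(f"{ip}: port {port} is not the DoT port 853")
        if tls and auth is None:
            findings.append(f"{ip}: no #authname, upstream certificate is not verified")
    return findings
```

An auth name only helps if unbound also has CA certificates to verify against, i.e. a `tls-cert-bundle` in the server section.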

No one? :frowning:

