▸ Assistance

Consultez nos guides d'installation et la FAQ, ou utilisez la barre de recherche ci-dessous pour trouver des informations pertinentes.

Setup: IPFire and DNS over TLS


IPFire is an open-source firewall, used in both consumer and commercial environments.

IPFire utilizes Unbound, which has built-in DNS over TLS support, with the configuration being accessible in the GUI.

Before making changes to a production environment, we recommend taking a backup of the existing configuration.

This setup guide was tested using IPFire 2.27


  • Navigate to System -> Domain Name System
  • Under DNS Servers, click Add
  • Go through this process twice, one for each Quad9 IP address, where the TLS Hostname will always be

IP address:
IP address:

  • Use ISP-assigned DNS Servers: Disabled
  • Protocol for DNS Queries: TLS
  • Enable Safe Search: Disabled
  • QNAME Minimisation: Standard
  • Click Save



To confirm you're using Quad9 with DNS over HTTPS in the GUI, you can navigate to Status -> Net-Traffic in the top menu, and search for an active connect to either or via port 853 TCP: mceclip4.png

To confirm you're using Quad9 with DNS over HTTPS in CLI:

  • Connect to your IPFire device via SSH
  • Install the tshark package

    pakfire -y install tshark

  • Start a packet capture with tshark to filter for DNS over HTTPS traffic:

    tshark -i any 'port 853'

  • If the IPFire device is using DNS over HTTPS for DNS queries, you will see output like this:

    1 0.000000000 → TCP 76 37226 → 853 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=3103990808 TSecr=0 WS=512
    2 0.006914259 → TCP 76 853 → 37226 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 TSval=2447463919 TSecr=3103990808 WS=256
    3 0.006948874 → TCP 68 37226 → 853 [ACK] Seq=1 Ack=1 Win=64512 Len=0 TSval=3103990815 TSecr=2447463919
    4 0.007110658 → TLSv1 387 Client Hello
    5 0.013306457 → TCP 68 853 → 37226 [ACK] Seq=1 Ack=320 Win=30208 Len=0 TSval=2447463926 TSecr=3103990815
    6 0.013926633 → TLSv1.3 2964 Server Hello, Change Cipher Spec, Application Data
    7 0.013945067 → TCP 68 37226 → 853 [ACK] Seq=320 Ack=2897 Win=62464 Len=0 TSval=3103990822 TSecr=2447463926