<div dir="ltr">I have been using Unbound with DoT but would like to see about moving over to HTTPS.  Have been looking for how to do this but what I have found so far doesn't give me the information I am looking for.  I have some experience with Linux but am nowhere near being a programmer.<div><br></div><div>Here is what I have found so far -</div><div><br></div><div># Since I installed using apt, figure that I should uninstall it first</div><div><p style="margin:0in;font-family:Calibri;font-size:11pt">sudo
apt remove unbound</p><p style="margin:0in;font-family:Calibri;font-size:11pt"><br></p></div><div># Download/compile unbound to use DoH</div><div><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">wget </span><a rel="nofollow" target="_blank" href="http://www.nlnetlabs.nl/downloads/unbound/unbound-1.13.1.tar.gz" style="font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">http://www.nlnetlabs.nl/downloads/unbound/unbound-1.13.1.tar.gz</a><br style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">tar -zxvf unbound-1.13.1.tar.gz (missing step?)</span></div><div><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">./configure --with-libnghttp2</span><br style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">make</span><br style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">make install</span><br style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"></div><div><span 
style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"><br></span></div><div><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">#configuring unbound to use DoH</span></div><div><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">server:</span><br style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">   interface: 127.0.0.1@443</span><br style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">   tls-service-key "key.pem"</span><br style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap">   tls-service-pem: "cert.pem"</span><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"><br></span></div><div><span style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"><br></span></div><div><span 
style="color:rgb(32,33,36);font-family:Roboto,Arial,sans-serif;font-size:16px;font-variant-ligatures:none;letter-spacing:0.1px;white-space:pre-wrap"># Adapted from TLS/DoT instructions, so not sure about this</span></div><div>forward-zone:<br>    name: "."<br>    forward-tls-upstream: yes<br>    # Cloudflare DNS<br>    forward-addr: 2606:4700:4700::1111@443#<a href="http://cloudflare-dns.com">cloudflare-dns.com</a><br>    forward-addr: 1.1.1.1@443#<a href="http://cloudflare-dns.com">cloudflare-dns.com</a><br>    forward-addr: 2606:4700:4700::1001@443#<a href="http://cloudflare-dns.com">cloudflare-dns.com</a><br>    forward-addr: 1.0.0.1@443#<a href="http://cloudflare-dns.com">cloudflare-dns.com</a><br></div><div><br></div><div>Is this correct ?</div><div>Would appreciate any pointers in helping get this to work</div><div><br></div><div>Thanks,</div><div>Ron</div></div>
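<div>An added example, not part of the original post and not Unbound's own tooling: a small Python check run over the configuration as posted. It assumes unbound.conf's "option: value" syntax and that forward-tls-upstream makes Unbound forward with DNS-over-TLS, whose assigned port is 853; the names lint and POSTED_CONF are made up here.</div>

```python
import re

# Constructed sample: the configuration as posted above, link markup removed.
POSTED_CONF = '''\
server:
   interface: 127.0.0.1@443
   tls-service-key "key.pem"
   tls-service-pem: "cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Cloudflare DNS
    forward-addr: 2606:4700:4700::1111@443#cloudflare-dns.com
    forward-addr: 1.1.1.1@443#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@443#cloudflare-dns.com
    forward-addr: 1.0.0.1@443#cloudflare-dns.com
'''

DOT_PORT = "853"  # assigned DNS-over-TLS port (RFC 7858)
OPTION = re.compile(r'^([a-z0-9-]+):\s*(.*)$')  # unbound.conf "option: value"

def lint(conf):
    """Return sorted (line_number, message) findings for a config fragment."""
    findings, zones, zone = [], [], None
    for num, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = OPTION.match(line)
        if m is None:
            findings.append((num, 'missing ":" after the option name'))
            continue
        key, value = m.group(1), m.group(2).strip('"')
        if m.group(2) == '':  # clause header such as "server:"
            zone = {'tls': False, 'addrs': []} if key == 'forward-zone' else None
            zones += [zone] if zone else []
        elif zone is not None and key == 'forward-tls-upstream':
            zone['tls'] = value == 'yes'
        elif zone is not None and key == 'forward-addr':
            zone['addrs'].append((num, value))
    for zone in (z for z in zones if z['tls']):
        for num, value in zone['addrs']:
            # forward-addr syntax: address[@port][#tls-auth-name]
            hostport, _, auth_name = value.partition('#')
            port = hostport.partition('@')[2]
            if port and port != DOT_PORT:
                findings.append((num, f'DoT upstream on port {port}, not {DOT_PORT}'))
            if not auth_name:
                findings.append((num, 'no #auth-name, certificate name unchecked'))
    return sorted(findings)
```

<div>Calling lint(POSTED_CONF) returns one finding per problem line. Unbound ships unbound-checkconf, which catches syntax errors in the real configuration file.</div>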