[nsd-users] Testing DoH
Chris Croome
chris at webarchitects.co.uk
Mon Dec 8 14:28:47 UTC 2025
Hi

I have a development NSD server running on Debian Trixie (using the Debian
package) with the following server section in /etc/nsd/nsd.conf:

    server:
      hide-identity: yes
      hide-version: yes
      log-only-syslog: yes
      ip-address: 81.95.52.27
      interface: 81.95.52.27@853
      tls-port: 853
      tls-service-key: /etc/nsd/dns5.webarch.org.uk.privkey.secp384r1.pem
      tls-service-pem: /etc/nsd/dns5.webarch.org.uk.pubcert.secp384r1.pem

I have used ip-address and interface rather than either using interface
twice or ip-address twice in order that the config is parsable as YAML.

Everything is fine with queries to port 53, I'm struggling to get a
response on port 853, the server doesn't have a firewall running for
either of these two ports.

    dig @dns5.webarch.org.uk webarch.org.uk A +short
    81.95.52.56

I have installed doh-cli [1] and tried testing using that:

    doh-cli --verbose --url https://dns5.webarch.org.uk:853 webarch.org.uk A
    ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))

This fails after a while with the above error.

Is there another CLI tool that anyone would suggest I try to test the
service with or have I not configured the server correctly or is there
an issue with the TLS cert and key?

The cert and key are the same ones that Apache is using:

- https://www.ssllabs.com/ssltest/analyze.html?d=dns5.webarch.org.uk

All the best

Chris

[1] https://pypi.org/project/doh-cli/

--
Webarchitects Co-operative
http://webarchitects.coop/
http://webarch.info/
+44 114 276 9709
@webarchcoop
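
Added example, not part of the original message and not NSD project code: the nsd.conf tls-port option provides DNS over TLS (RFC 7858), which carries DNS messages with a 2-byte length prefix directly over TLS rather than inside HTTP requests as DoH (RFC 8484) does. The sketch below builds a query, applies that framing and parses a reply header; the function names are this example's own and SAMPLE_REPLY is constructed, not captured from any server.

```python
import socket, ssl, struct, sys

def build_query(name, qtype=1, qid=0x1234):
    """Encode a one-question DNS query (class IN, no recursion desired)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """DoT reuses DNS-over-TCP framing: 2-byte big-endian length, then the message."""
    return struct.pack("!H", len(msg)) + msg

def unframe(data):
    """Strip the length prefix, rejecting short reads."""
    if len(data) < 2:
        raise ValueError("missing length prefix")
    (n,) = struct.unpack("!H", data[:2])
    if len(data) - 2 < n:
        raise ValueError("truncated message")
    return data[2:2 + n]

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": flags >> 15, "aa": (flags >> 10) & 1,
            "rcode": flags & 0xF, "ancount": an}

def recv_exact(sock, n):
    """Read exactly n bytes or fail if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf

def dot_query(server, name, port=853, timeout=5.0):
    """Send one query over TLS; the default context verifies chain and hostname."""
    ctx = ssl.create_default_context()
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            tls.sendall(frame(build_query(name)))
            (n,) = struct.unpack("!H", recv_exact(tls, 2))
            return parse_header(recv_exact(tls, n))

# Constructed sample reply (not captured from any server): QR=1, AA=1, one A record.
SAMPLE_REPLY = frame(struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
                     + build_query("webarch.org.uk")[12:]
                     + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__" and len(sys.argv) == 3:   # usage: script.py <server> <name>
    print(dot_query(sys.argv[1], sys.argv[2]))
```

A TLS handshake failure raised by dot_query points at the certificate or key, while a successful handshake followed by a parsed header shows the port is answering DNS over TLS.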