DNS over TLS not working

Raymond Bannan raymond at raymond.life
Thu May 3 20:43:48 UTC 2018

I've spent several hours trying various permutations of the following 
config, but no matter what I do I can't get unbound to forward a DNS 
request over TLS:

     tls-cert-bundle: "C:\Program Files\Unbound\cabundle.crt"
     name: "."
     forward-ssl-upstream: yes
     forward-addr: at 853#cloudflare-dns.com

I'm on Windows 10, unbound v1.7.1. I've been using nslookup to test:

     C:\Users\Me>nslookup -
     Default Server:  localhost

     > google.com
     Server:  localhost

     *** localhost can't find google.com: Server failed

Following this request in Wireshark, unbound is accurately requesting
DNS to the Cloudflare server on TCP port 853, but is attempting to do
this without negotiating a TLS connection, which Cloudflare
appropriately rejects.

Anyone have any ideas?
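
The symptom reported above (a TCP connection to port 853 that carries a DNS query with no TLS negotiation) can be confirmed from the first client payload in a capture. The following is an added example, not part of the original post: the function names and both sample payloads are constructed for illustration, and it assumes the whole first client message arrives in a single segment.

```python
import struct

def build_dns_query(name, qtype=1, txid=0x1234):
    """Build a DNS query in wire format (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def tcp_frame(msg):
    """DNS over TCP, and DNS inside a DoT tunnel, prefixes a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def classify_first_payload(data):
    """Classify the first client bytes seen on a TCP connection to port 853."""
    if len(data) < 6:
        return "too-short"
    # TLS record header: content type 0x16 (handshake), version major 0x03,
    # 2-byte record length, then handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04 and data[5] == 0x01:
        return "tls-client-hello"
    # Plaintext DNS over TCP: the length prefix covers the rest of the payload,
    # the QR bit is clear (a query) and at least one question is present.
    (length,) = struct.unpack("!H", data[:2])
    if length >= 12 and length == len(data) - 2:
        flags, qdcount = struct.unpack("!HH", data[4:8])
        if not (flags & 0x8000) and qdcount >= 1:
            return "plaintext-dns"
    return "unknown"

# Constructed sample: start of a TLS ClientHello record (truncated).
SAMPLE_TLS = bytes.fromhex("160301002f0100002b0303")
# Constructed sample: what a resolver sends when it skips TLS on port 853.
SAMPLE_PLAIN = tcp_frame(build_dns_query("google.com"))

if __name__ == "__main__":
    for label, payload in (("tls", SAMPLE_TLS), ("plain", SAMPLE_PLAIN)):
        print(label, "->", classify_first_payload(payload))
```

A result of `plaintext-dns` for the first payload sent to port 853 matches the behaviour described in the message: the forwarder is treating the upstream as ordinary DNS over TCP.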
