DNS over TLS not working
Raymond Bannan
raymond at raymond.life
Thu May 3 20:43:48 UTC 2018
I've spent several hours trying various permutations of the following
config, but no matter what I do I can't get unbound to forward a DNS
request over TLS:

    server:
        tls-cert-bundle: "C:\Program Files\Unbound\cabundle.crt"
    forward-zone:
        name: "."
        forward-ssl-upstream: yes
        forward-addr: 1.1.1.1@853#cloudflare-dns.com

I'm on Windows 10, unbound v1.7.1. I've been using nslookup to test:

    C:\Users\Me>nslookup - 127.0.0.1
    Default Server: localhost
    Address: 127.0.0.1
    > google.com
    Server: localhost
    Address: 127.0.0.1
    *** localhost can't find google.com: Server failed
    >

Following this request in Wireshark, unbound is accurately requesting
DNS to the Cloudflare server on TCP port 853, but is attempting to do
this without negotiating a TLS connection, which Cloudflare
appropriately rejects.
Anyone have any ideas?
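
The Wireshark observation in the post (a connection to TCP port 853 with no TLS negotiation) can be checked mechanically from a capture. The following is an added example, not part of the original post or of Unbound: it classifies the first client payload on port 853 as a TLS ClientHello or as plain DNS-over-TCP. The function names and the sample bytes are constructed for illustration.

```python
import struct

def build_dns_query(name, qid=0x1234):
    """Constructed sample: an A/IN query in DNS wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify_first_payload(data):
    """Classify the first client-to-server TCP payload seen on port 853.

    Returns 'tls-handshake', 'plaintext-dns' or 'unknown'.
    Assumes the whole first message arrived in one TCP segment.
    """
    if len(data) < 6:
        return "unknown"
    # TLS record header: type 0x16 (handshake), version 0x03xx, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        rec_len = struct.unpack("!H", data[3:5])[0]
        if 0 < rec_len <= 16384 and data[5] == 0x01:
            return "tls-handshake"
    # DNS over TCP: 2-byte length prefix, then the 12-byte DNS header.
    if len(data) >= 14:
        msg_len = struct.unpack("!H", data[:2])[0]
        flags, qdcount = struct.unpack("!HH", data[4:8])
        is_query = (flags & 0x8000) == 0       # QR bit clear
        opcode = (flags >> 11) & 0xF           # 0 = standard query
        if msg_len == len(data) - 2 and is_query and opcode == 0 and qdcount >= 1:
            return "plaintext-dns"
    return "unknown"

def sample_plaintext():
    """Constructed: what a resolver sends when it skips TLS on port 853."""
    q = build_dns_query("google.com")
    return struct.pack("!H", len(q)) + q

def sample_client_hello():
    """Constructed: start of a TLS record carrying a ClientHello (truncated)."""
    return bytes.fromhex("16030100c8010000c40303") + bytes(32)

if __name__ == "__main__":
    for label, payload in [("plaintext sample", sample_plaintext()),
                           ("TLS sample", sample_client_hello())]:
        print(label, "->", classify_first_payload(payload))
```

To use it on real traffic, export the first client payload of the port 853 stream from the capture as raw bytes and pass it to `classify_first_payload`.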