DNS over TLS not working
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Fri May 4 06:30:25 UTC 2018
Hi Raymond,
On 03/05/18 22:43, Raymond Bannan via Unbound-users wrote:
> I've spent several hours trying various permutations of the following
> config, but no matter what I do I can't get unbound to forward a DNS
> request over TLS:
This config looks correct. It should be connecting with TLS. Unless
you have other options in unbound.conf that negate the lines you pasted
here. Perhaps enable verbosity: 4 and logfile: "C:\unbound.log" and
log-time-ascii: yes and then you have a logfile in plain text with
details about what unbound is doing.
Best regards, Wouter
>
> server:
>     tls-cert-bundle: "C:\Program Files\Unbound\cabundle.crt"
> forward-zone:
>     name: "."
>     forward-ssl-upstream: yes
>     forward-addr: 1.1.1.1@853#cloudflare-dns.com
>
> I'm on windows 10, unbound v1.7.1. I've been using nslookup to test:
>
> C:\Users\Me>nslookup - 127.0.0.1
> Default Server: localhost
> Address: 127.0.0.1
>
> > google.com
> Server: localhost
> Address: 127.0.0.1
>
> *** localhost can't find google.com: Server failed
> >
>
> Following this request in wireshark, unbound is accurately requesting
> DNS to the cloudflare server on tcp port 853, but is attempting to do
> this without negotiating a TLS connection, which cloudflare
> appropriately rejects.
>
> Anyone have any ideas?
>
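A practitioner chasing the symptom in this thread (nslookup getting "Server failed", which is how it reports a SERVFAIL response, while the upstream sees a cleartext connection on port 853) usually wants to separate "the upstream does not accept DoT from here" from "my Unbound is not doing TLS". The following is an added example, not code from the original post or from the Unbound project: a minimal DNS-over-TLS client that does what Unbound should be doing on the wire per RFC 7858, namely wrapping ordinary DNS-over-TCP (two-octet length prefix, RFC 1035 section 4.2.2) in a TLS session with SNI and certificate verification against a CA bundle. The upstream address and authentication name are the ones from the thread; the CA bundle path, query ID and the two sample responses are assumptions constructed for the example, not captured traffic.

```python
"""Minimal DNS-over-TLS (RFC 7858) probe, added as an example for this thread.

The wire-format helpers (build_query, frame, unframe, parse_response) touch
no network, so they can be exercised offline against constructed responses;
probe() is the only function that actually opens a TLS session.
"""
import socket
import ssl
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(qname: str, qid: int = 0x1234, qtype: int = 1) -> bytes:
    """Encode a single-question DNS query with RD set (qtype 1 = A)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def frame(msg: bytes) -> bytes:
    """Prefix a DNS message with its 16-bit big-endian length, as DNS over TCP requires."""
    return struct.pack("!H", len(msg)) + msg


def unframe(buf: bytes) -> bytes:
    """Strip the TCP length prefix and check that the body matches it."""
    if len(buf) < 2:
        raise ValueError("short frame")
    (length,) = struct.unpack("!H", buf[:2])
    body = buf[2:2 + length]
    if len(body) != length:
        raise ValueError(f"frame announces {length} bytes, got {len(body)}")
    return body


def parse_response(msg: bytes, expected_id: int):
    """Return (rcode, answer_count) after checking the ID and the QR bit."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qid != expected_id:
        raise ValueError(f"ID mismatch: sent {expected_id:#x}, got {qid:#x}")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    return flags & 0x000F, an


def recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes from a stream socket or fail loudly."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed the TLS session early")
        buf += chunk
    return buf


def probe(addr: str, server_name: str, cafile=None, qname="google.com", timeout=5.0):
    """Resolve qname over TLS to addr:853, verifying the chain and hostname.

    cafile=None uses the system trust store; server_name is sent as SNI and
    checked against the certificate, which is what the '#cloudflare-dns.com'
    suffix in an Unbound forward-addr line is for.  Returns (rcode_name, answers).
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    qid = 0x1234
    query = build_query(qname, qid)
    with socket.create_connection((addr, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame(query))
            hdr = recv_exact(tls, 2)
            (length,) = struct.unpack("!H", hdr)
            body = recv_exact(tls, length)
    rcode, answers = parse_response(unframe(hdr + body), qid)
    return RCODES.get(rcode, str(rcode)), answers


# Constructed sample responses (assumption, not captured traffic), before TCP
# framing: a NOERROR reply carrying one A record, and a SERVFAIL reply, which is
# what nslookup reports as "Server failed".
_QUESTION = b"\x06google\x03com\x00" + b"\x00\x01\x00\x01"
SAMPLE_NOERROR = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION
    + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\x8e\xfa\xbd\x6e"
)
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0) + _QUESTION


if __name__ == "__main__":
    # Same upstream and authentication name as the thread's forward-addr line;
    # the bundle path is the one quoted in the thread and is an assumption here.
    print(probe("1.1.1.1", "cloudflare-dns.com",
                cafile=r"C:\Program Files\Unbound\cabundle.crt"))
```

If this probe returns ("NOERROR", n) from the same machine, the upstream, the CA bundle and port 853 are fine and the problem is local to Unbound, which is where Wouter's verbosity 4 logfile comes in; if the TLS handshake itself fails, the bundle or the authentication name is wrong. Running it with Wireshark open also shows what a correct exchange looks like: a TLS ClientHello on 853 carrying the SNI, with the DNS query only inside the encrypted record layer.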