DNS over TLS not working

W.C.A. Wijngaards wouter at nlnetlabs.nl
Thu May 24 09:57:20 UTC 2018


Hi Yuri,

On 09/05/18 16:51, Yuri wrote:
> 
> 
> 09.05.2018 11:51, W.C.A. Wijngaards via Unbound-users wrote:
>> Hi,
>>
>> No idea what is going on anymore, here are two new sets of binaries.
>>
>> These are made with openssl 1.0.2j.  The code in unbound that does
>> tls-upstream:yes is basically almost the same as previous releases, and
>> with the same version of openssl, shouldn't that work like it did in the
>> previous release?
>>
>> Note that the 1.0.2 openssl does not have the set verify name function
>> that is used to verify the tls authentication name, so it won't check that.
>>
>> open.nlnetlabs.nl/~wouter/unbound-1.7.1_20180509.zip
>> open.nlnetlabs.nl/~wouter/unbound-1.7.2_20180509.zip
> Same shame, Wouter.:-(
> 
> Both do not work with DoT.

I have a bugfix for windows DNS-over-TLS.  There was missing
initialisation.  The version with bugfixes is available here
open.nlnetlabs.nl/~wouter/unbound-1.7.2rc45.zip
and unbound_setup_1.7.2rc45.exe and .asc gpg sigs.

Best regards, Wouter

>>
>> pgp sigs in .asc files.
>>
>> The 1.7.1 zipfile is the 1.7.1 release with the different openssl library.
>>
>> The 1.7.2 has a different windows event handling for SSL upstream, that
>> should result in fewer cycles used to handle the SSL connection.  It
>> should however, not otherwise change the SSL connection calls to OpenSSL.
>>
>> Best regards, Wouter
>>
>> On 08/05/18 18:25, Yuri via Unbound-users wrote:
>>> Still not, Raymond.
>>>
>>> Digging.
>>>
>>> 08.05.2018 21:45, Raymond Bannan via Unbound-users wrote:
>>>> I downloaded the updated binary and tried on my system as well -
>>>> unbound is still attempting to resolve without first negotiating TLS.
>>>>
>>>> It correctly reaches out to 1.1.1.1:853, but it doesn't negotiate a
>>>> TLS connection.  Is there anything I could do to help fix this?
>>>>
>>>> -Ray
>>>>
>>>> On 5/7/2018 8:25 AM, W.C.A. Wijngaards via Unbound-users wrote:
>>>>> Hi Yuri,
>>>>>
>>>>> On 07/05/18 16:16, Yuri via Unbound-users wrote:
>>>>>> Just checked. Unfortunately, patch does not fix issue.
>>>>>>
>>>>>> Same symptom. Timeout, then no resolve.
>>>>> From your previous logs, what unbound does is connect, then write.
>>>>> Then it gets nothing to read.  Until the timeout happens.  The connection
>>>>> closes, there was no data received.
>>>>>
>>>>> Is there a firewall of some sort preventing data from leaving or
>>>>> entering the system?
>>>>>
>>>>> Best regards, Wouter
>>>>>
>>>>>> http://open.nlnetlabs.nl/~wouter/unbound-1.7.2_20180507.zip (16Mb)
>>>>>> http://open.nlnetlabs.nl/~wouter/unbound-1.7.2_20180507.zip.asc (pgp
>>>>>> sig)
>>>>>>
>>>>>> -- 
>>>>>> "C++ seems like a language suitable for firing other people's legs."
>>>>>>
>>>>>> *****************************
>>>>>> * C++20 : Bug to the future *
>>>>>> *****************************
>>>>>>
>>
> 

