No subject
Bastian Horn
bastianhorn at gmail.com
Tue Dec 31 17:00:08 UTC 2019
Hi there,
I recently noticed that I get an error thrown by unbound which says it can't
verify the certificate (possibly the root CA?) for Cloudflare. Quad9 works
like a charm.
[1063:0] error: ssl handshake failed crypto error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
[1063:0] notice: ssl handshake failed 1.1.1.1 port 853
I verified over at the Cloudflare community forum that my certs look good etc.
So now I try to verify that unbound works correctly.
My unbound.conf looks like this:
server:
    use-syslog: yes
    do-daemonize: no
    username: "unbound"
    directory: "/etc/unbound"
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
    trust-anchor-file: trusted-key.key
    root-hints: root.hints
    interface: 127.0.0.1
    interface: 172.16.0.254
    interface: 172.17.0.254
    access-control: 127.0.0.1/32 allow
    access-control: 172.16.0.0/16 allow
    access-control: 172.17.0.0/16 allow
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    verbosity: 1
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    prefetch: yes
    unwanted-reply-threshold: 10000
    private-address: 192.168.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-domain: "local"
    local-zone: "local" static
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 1.0.0.1@853#cloudflare
    forward-addr: 146.185.167.43@853#SecureDNS.eu
This is the thread at Cloudflare:
https://community.cloudflare.com/t/dns-over-tls-cant-verify-certificate/139530
Thank you for your help. I really appreciate it.
Greetings
Bastian
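
Added example, not part of the original message and not unbound project code: in a forward-addr entry the text after '#' is the TLS authentication name that unbound checks against the upstream's certificate, so a quick offline lint of those names is a useful first check when only some upstreams fail verification. The function name, the sample text (constructed from the config above) and the single-label heuristic are assumptions of this sketch.

```python
import re

# Constructed sample: the forward-zone from the message above, in
# unbound.conf syntax (address@port#auth-name).
SAMPLE = """\
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 1.0.0.1@853#cloudflare
    forward-addr: 146.185.167.43@853#SecureDNS.eu
"""

FORWARD_ADDR = re.compile(
    r"^\s*forward-addr:\s*(?P<addr>[^@#\s]+)"
    r"(?:@(?P<port>\d+))?(?:#(?P<name>\S+))?\s*$"
)
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def lint_forward_addrs(conf_text):
    """Return (line number, address, message) for questionable auth names."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = FORWARD_ADDR.match(line)
        if not m:
            continue
        addr, name = m["addr"], m["name"]
        if name is None:
            # Without '#name' unbound accepts any name in the certificate.
            findings.append((lineno, addr, "no auth name set"))
            continue
        labels = name.rstrip(".").split(".")
        if not all(LABEL.match(label) for label in labels):
            findings.append((lineno, addr, f"{name!r} is not a valid hostname"))
        elif len(labels) < 2:
            # Heuristic (assumption): publicly trusted certificates carry
            # fully qualified names, so compare this with the cert's SANs.
            findings.append((lineno, addr, f"{name!r} is a single-label name"))
    return findings


if __name__ == "__main__":
    for lineno, addr, msg in lint_forward_addrs(SAMPLE):
        print(f"line {lineno}: {addr}: {msg}")
```

The lint only inspects the configured names; confirming which names a given upstream's certificate actually carries still needs a look at the certificate itself.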