DoT and UDP requirements
rgsub1 at btinternet.com
Wed Jul 24 11:15:07 UTC 2019
Hi,
More questions on DoT.
Having set up DoT and got it all working, I was under the impression that all
DNS queries would now use TLS over TCP. With that in mind I set:
do-udp: no
Having changed that setting, unbound will not answer any queries at all.
Either local-data
C:\>dig -x 192.168.1.20
; <<>> DiG 9.14.4 <<>> -x 192.168.1.3
;; global options: +cmd
;; connection timed out; no servers could be reached
Or external
C:\>dig www.microsoft.com
; <<>> DiG 9.14.4 <<>> www.microsoft.com
;; global options: +cmd
;; connection timed out; no servers could be reached
With UDP enabled there are no problems.
So the question is:
Why does UDP have to be enabled?
How can I be certain that ALL forwarded queries are over TCP if UDP is
enabled?
Regards
Ray
More information about the Unbound-users
mailing list