Confirming DNS over TLS on Unbound 1.6.0

rollingonchrome rollingonchrome at gmail.com
Sun Mar 17 00:10:03 UTC 2019 

Hello,

I am new to Unbound and am using version 1.6.0 on a Raspberry Pi.

I want to confirm that DNS over TLS to upstream servers is set up correctly.

Looking in the logs file, I see the following entries related to SSL or
port 853. Are these good indicators that DNS over TLS is working?

Thanks for your help!

Best,

ROC

Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug: SSL DNS connection ip4 1.1.1.1 port 853 (len 16)
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug: Reading ssl tcp query of length 105
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
info: reply from <.> 149.112.112.112#853
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug:    ip4 1.0.0.1 port 853 (len 16)
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug:    ip4 1.1.1.1 port 853 (len 16)
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug:    ip4 149.112.112.112 port 853 (len 16)
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug:    ip4 9.9.9.9 port 853 (len 16)
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug: servselect ip4 9.9.9.9 port 853 (len 16)
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug: servselect ip4 149.112.112.112 port 853 (len 16)
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug: servselect ip4 1.1.1.1 port 853 (len 16)
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug: servselect ip4 1.0.0.1 port 853 (len 16)
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug: sending to target: <.> 1.1.1.1#853
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug: SSL DNS connection ip4 1.1.1.1 port 853 (len 16)
Mar 10 19:05:04 raspberrypi unbound[1101]: [1552269903] unbound[1101:0]
debug: Reading ssl tcp query of length 1404
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190316/c4d35e1b/attachment.htm>

More information about the Unbound-users mailing list