dns over tls with unbound on openwrt

Erik Dobák erik.dobak at gmail.com
Fri Feb 7 09:06:59 UTC 2020

Dear unbound users,

i did now setup unbound to use tls encryption on my openwrt router.
the setup is documented here:


like this:

config zone
	option enabled '1'
	option zone_type 'forward_zone'
	option tls_upstream '1'
	option tls_index 'dns.google'
	list zone_name '.'
	list server ''
	list server ''
	list server '2001:4860:4860::8888'
	list server '2001:4860:4860::8844'

unfortunately they use only google dns servers. afaik unbound uses root dns
servers per default.

My question is 1. are the root dns servers able to do dns over tls? 2.
where do i get a list of the root dns servers to be able to add them to
this config so that i am not dependant on google only.

Yours faithfully

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200207/9bf773f1/attachment.htm>

More information about the Unbound-users mailing list