dns over tls with unbound on openwrt

Havard Eidnes he at uninett.no
Fri Feb 7 13:59:53 UTC 2020


> ok maybe i do not understand how unbound or even any DNS server works. let
> me rephrase my questions:
>
> in default unbound config i do not define any DNS servers.

Right.  You can specify the hints for where to find the root name
servers in the DNS via the "root-hints:" unbound.conf option, but
unbound has a built-in default list corresponding to the list of
root name servers on the public Internet.

> in the openwrt/luci config for unbound i had to define 8.8.8.8 and
> tls_index to google.
> is there any way to configure this to use unbound with the
> default config + dns over tls but not to define google dns servers?

The correct address to send that question to must be to those who
put the "config framework" on top of unbound for openwrt.

Unbound itself does not require another external recursive name
server, as unbound can itself act as a recursive name server.
Unbound's ability to do so, of course, relies on unbound not
being prevented from talking the DNS protocol directly to the
outside world via e.g. an ACL.

Regards,

- Håvard

