Help with getting Unbound to use DoH (DNS over HTTPS)

Ronald Nutter ron.nutter at networkref.com
Mon Feb 22 16:36:22 UTC 2021


I have been using Unbound with DoT but would like to see about moving over
to HTTPS.  Have been looking for how to do this but what I have found so
far doesn't give me the information I am looking for.  I have some
experience with Linux but am nowhere near being a programmer.

Here is what I have found so far -

# Since I installed using apt, figure that I should uninstall it first

sudo apt remove unbound


# Download/compile unbound to use DoH
wget http://www.nlnetlabs.nl/downloads/unbound/unbound-1.13.1.tar.gz
tar -zxvf unbound-1.13.1.tar.gz (missing step?)
./configure --with-libnghttp2
make
make install

#configuring unbound to use DoH
server:
interface: 127.0.0.1@443
tls-service-key: "key.pem"
tls-service-pem: "cert.pem"

# Adapted from TLS/DoT instructions, so not sure about this
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Cloudflare DNS
    forward-addr: 2606:4700:4700::1111@443#cloudflare-dns.com
    forward-addr: 1.1.1.1@443#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@443#cloudflare-dns.com
    forward-addr: 1.0.0.1@443#cloudflare-dns.com

Is this correct?
Would appreciate any pointers in helping get this to work.

Thanks,
Ron
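
A small lint for the forward-zone question above, as an added example that is not part of the original post: with forward-tls-upstream: yes Unbound forwards over DNS over TLS, so a forward-addr aimed at a port other than 853 is worth flagging, as is an option line with no colon. The lint() function and the sample config are constructed for illustration.

```python
import re

# Constructed sample modelled on the post's layout (not a real deployment);
# line 3 deliberately lacks its colon, line 8 points a TLS forwarder at 443.
SAMPLE = """\
server:
    interface: 127.0.0.1@443
    tls-service-key "key.pem"
    tls-service-pem: "cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@443#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
"""

# forward-addr value: address, optional @port, optional #auth-name
ADDR = re.compile(r"^(?P<ip>[0-9A-Fa-f:.]+)(?:@(?P<port>\d+))?(?:#(?P<name>\S+))?$")

def lint(text):
    """Return sorted (line_number, message) findings for unbound.conf-style text."""
    findings, zones, clause = [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        # '#' starts a comment only at line start or after whitespace,
        # so the '#auth-name' suffix of forward-addr survives.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep or " " in key:
            findings.append((no, "missing ':' after option name"))
            continue
        value = value.strip().strip('"')
        if value == "":                      # clause header, e.g. "server:"
            clause = key
            if key == "forward-zone":
                zones.append({"tls": False, "addrs": []})
        elif clause == "forward-zone" and key == "forward-tls-upstream":
            zones[-1]["tls"] = value == "yes"
        elif clause == "forward-zone" and key == "forward-addr":
            zones[-1]["addrs"].append((no, value))
    # Evaluate per zone afterwards: forward-tls-upstream may follow the addresses.
    for zone in zones:
        for no, value in zone["addrs"]:
            m = ADDR.match(value)
            port = m.group("port") if m else None
            if zone["tls"] and port and port != "853":
                findings.append((no, f"port {port} with forward-tls-upstream: "
                                     "this transport is DoT, normally served on 853"))
    return sorted(findings)
```
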