Help with getting Unbound to use DoH (DNS over HTTPS)

A. Schulze sca at andreasschulze.de
Mon Feb 22 19:43:49 UTC 2021



On 22.02.21 at 17:36, Ronald Nutter via Unbound-users wrote:
> #configuring unbound to use DoH
> server:
> interface: 127.0.0.1@443
> tls-service-key: "key.pem"
> tls-service-pem: "cert.pem"
No, unbound doesn't magically "use" DoH with this configuration.
This sets up a DoH **server**. As you selected 127.0.0.1, it will be reachable only from DoH clients running on localhost.
It's not what you want ...


> # Adapted from TLS/DoT instructions, so not sure about this
> forward-zone:
>     name: "."
>     forward-tls-upstream: yes
Note the "-tls-": it enables unbound to act as a DoT client.

>     # Cloudflare DNS
>     forward-addr: 2606:4700:4700::1111@443#cloudflare-dns.com
>     forward-addr: 1.1.1.1@443#cloudflare-dns.com
>     forward-addr: 2606:4700:4700::1001@443#cloudflare-dns.com
>     forward-addr: 1.0.0.1@443#cloudflare-dns.com
You've configured unbound to talk TLS with a DoH server.

> 
> Is this correct ?
No.

> Would appreciate any pointers in helping get this to work
I'm not aware that unbound (up to 13.1) can act as a DoH client.

Stay with DoT to CF for now.

Andreas
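For reference, here is what the "stay with DoT" advice above looks like as a working forward-zone. This is an added example, not part of Andreas's reply or of the Unbound documentation: it replaces the DoH port 443 in the quoted configuration with the DoT port 853 and adds the CA bundle that Unbound needs to actually verify the `#cloudflare-dns.com` authentication name. The bundle path is assumed (a typical Debian/Ubuntu location); on other systems use the distribution's CA file or `tls-system-cert: yes` instead.

```conf
# Unbound as a DNS-over-TLS (DoT) client, forwarding everything to Cloudflare.
# Added example configuration; the CA bundle path below is an assumption.
server:
    # Without a CA store the name after '#' in forward-addr cannot be
    # checked, and the TLS session gives no authentication of the upstream.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"   # assumed path

forward-zone:
    name: "."
    # Encrypt the upstream connection with TLS (this makes unbound a DoT client,
    # not a DoH client; unbound 1.13.x has no DoH client mode).
    forward-tls-upstream: yes
    # DoT listens on port 853, not the HTTPS port 443 used by DoH.
    # The '#cloudflare-dns.com' suffix is the name the server certificate
    # must match; it is only enforced when a CA bundle is configured above.
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

After reloading, `unbound-checkconf` validates the syntax, and a query through the resolver with `verbosity: 2` or higher logs the TLS upstream in use; a certificate-name mismatch or missing CA bundle shows up there as a failed upstream rather than as a silent fallback to plain DNS.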