Help with getting Unbound to use DoH (DNS over HTTPS)

A. Schulze sca at
Mon Feb 22 19:43:49 UTC 2021

On 22.02.21 at 17:36, Ronald Nutter via Unbound-users wrote:
> #configuring unbound to use DoH
> server:
> interface: at 443
> tls-service-key: "key.pem"
> tls-service-pem: "cert.pem"
No, unbound doesn't magically "use" DoH with this configuration.
This sets up a DoH **server**. As you selected, it will be reachable only from DoH clients running on localhost.
It's not what you want ...

> # Adapted from TLS/DoT instructions, so not sure about this
> forward-zone:
>     name: "."
>     forward-tls-upstream: yes
Note the "-tls-". It enables unbound to act as a DoT client.

>     # Cloudflare DNS
>     forward-addr: 2606:4700:4700::1111 at
>     forward-addr: at
>     forward-addr: 2606:4700:4700::1001 at
>     forward-addr: at
You've configured unbound to talk TLS with a DoH server.

> Is this correct ?

> Would appreciate any pointers in helping get this to work
I'm not aware that unbound (up to 13.1) can act as a DoH client.

Stay with DoT to CF for now.
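
An added example, not part of the original message and not Unbound's own code: a small Python check for the mistake discussed above, a `forward-zone` with `forward-tls-upstream: yes` whose `forward-addr` entries do not point at a DoT endpoint. The sample configs are constructed; port 443 in the bad one, the `cloudflare-dns.com` auth name and the CA bundle path are assumptions.

```python
import re

# Constructed samples, not from the original post. Port 443 in BAD is an assumed
# instance of the mistake described above (DoT client pointed at a DoH port).
BAD = """\
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 2606:4700:4700::1111@443
"""
GOOD = """\
server:
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"  # path varies by OS
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
"""

def parse_clauses(conf):
    """Return one dict per clause: its kind, TLS flag and forward-addr values."""
    zones = []
    for raw in conf.splitlines():
        # '#' is a comment only at line start or after whitespace; inside an address it is the auth name
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        key, _, val = line.partition(":")
        val = val.strip().strip('"')
        if line and not val:  # clause header such as "forward-zone:"
            zones.append({"kind": key, "tls": False, "addrs": []})
        elif zones and key == "forward-tls-upstream":
            zones[-1]["tls"] = val == "yes"
        elif zones and key == "forward-addr":
            zones[-1]["addrs"].append(val)
    return zones

def lint_dot_forwarders(conf):
    """Flag DoT forwarders on a non-853 port or without a TLS auth name."""
    findings = []
    dot = [z for z in parse_clauses(conf) if z["kind"] == "forward-zone" and z["tls"]]
    for addr in (a for z in dot for a in z["addrs"]):
        host, _, name = addr.partition("#")
        ip, _, port = host.partition("@")
        port = port or ("853" if name else "53")  # unbound's defaults
        if port != "853":
            findings.append(f"{ip}: port {port} is not the DoT port 853")
        if not name:
            findings.append(f"{ip}: no #auth-name, certificate not verified")
    return findings
```

`lint_dot_forwarders(BAD)` reports both problems for the constructed bad config, and `lint_dot_forwarders(GOOD)` returns an empty list.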

