Help with getting Unbound to use DoH (DNS over HTTPS)
ron.nutter at networkref.com
Mon Feb 22 21:13:25 UTC 2021
Thanks for your response.
Need to explain about the 127.0.0.1.
I am running this on a Raspberry Pi along with PiHole. PiHole answered the
initial inquiry and forwards to Unbound if it doesn't have the info.
From what I had read, I thought that I could configure Unbound to talk DoH
to upstream DNS.
Looks like it isn't an option at this point.
On Mon, Feb 22, 2021 at 1:44 PM A. Schulze via Unbound-users <
unbound-users at lists.nlnetlabs.nl> wrote:
> On 22.02.21 at 17:36, Ronald Nutter via Unbound-users wrote:
> > # configuring unbound to use DoH
> > server:
> >     interface: 127.0.0.1@443
> >     tls-service-key: "key.pem"
> >     tls-service-pem: "cert.pem"
> No, unbound doesn't magically "use" DoH with this configuration.
> This sets up a DoH **server**. As you selected 127.0.0.1, it will be
> reachable only from DoH clients running on localhost.
> It's not what you want ...
> > # Adapted from TLS/DoT instructions, so not sure about this
> > forward-zone:
> >     name: "."
> >     forward-tls-upstream: yes
> Note the "-tls-". It enables unbound to act as a DoT client.
> >     # Cloudflare DNS
> >     forward-addr: 2606:4700:4700::1111@443#cloudflare-dns.com
> >     forward-addr: 126.96.36.199@443#cloudflare-dns.com
> >     forward-addr: 2606:4700:4700::1001@443#cloudflare-dns.com
> >     forward-addr: 188.8.131.52@443#cloudflare-dns.com
> You've configured unbound to talk TLS with a DoH server.
> > Is this correct ?
> > Would appreciate any pointers in helping get this to work
> I'm not aware that unbound (up to 13.1) can act as a DoH client.
> Stay with DoT to CF for now.
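
The DoT forwarding recommended in the reply, written out as an added example (not part of the original thread and not NLnet Labs' own configuration). Assumptions: Unbound listens for Pi-hole on loopback port 5335, the CA bundle lives at the Debian/Raspberry Pi OS path, and the IPv4 entries are Cloudflare's published resolver addresses 1.1.1.1 and 1.0.0.1.

```conf
# Added example: Unbound as a DoT *client* behind Pi-hole.
server:
    # Listen only on loopback for Pi-hole; port 5335 is an assumed choice.
    interface: 127.0.0.1
    port: 5335
    access-control: 127.0.0.0/8 allow
    # No tls-service-key / tls-service-pem here: those set up a TLS/DoH
    # *server* and play no part in how Unbound talks to its upstreams.
    # CA bundle used to verify the upstream certificate against the name
    # given after '#' in forward-addr (assumed Debian path).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

forward-zone:
    name: "."
    # Speak DNS over TLS to every forward-addr in this zone.
    forward-tls-upstream: yes
    # DoT uses port 853 (RFC 7858). Port 443 is the DoH endpoint and
    # expects HTTP/2 framing, so plain DNS-over-TLS sent there fails.
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Running unbound-checkconf on the file catches syntax errors before the service is restarted.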