Help with getting Unbound to use DoH (DNS over HTTPS)

Ronald Nutter ron.nutter at networkref.com
Mon Feb 22 21:13:25 UTC 2021


Andreas:

Thanks for your response.
Need to explain about the 127.0.0.1.
I am running this on a Raspberry Pi along with Pi-hole. Pi-hole answers the
initial inquiry and forwards to Unbound if it doesn't have the info.
From what I had read, I thought that I could configure Unbound to talk DoH
to upstream DNS.
Looks like it isn't an option at this point.

Ron

On Mon, Feb 22, 2021 at 1:44 PM A. Schulze via Unbound-users <
unbound-users at lists.nlnetlabs.nl> wrote:

>
>
> Am 22.02.21 um 17:36 schrieb Ronald Nutter via Unbound-users:
> > #configuring unbound to use DoH
> > server:
> >     interface: 127.0.0.1@443
> >     tls-service-key: "key.pem"
> >     tls-service-pem: "cert.pem"
> No, unbound doesn't magically "use" DoH with this configuration.
> This sets up a DoH **server**. As you selected 127.0.0.1, it will be
> reachable only from DoH clients running on localhost.
> It's not what you want ...
>
>
> > # Adapted from TLS/DoT instructions, so not sure about this
> > forward-zone:
> >     name: "."
> >     forward-tls-upstream: yes
> Note the "-tls-": it enables unbound to act as a DoT client.
>
> >     # Cloudflare DNS
> >     forward-addr: 2606:4700:4700::1111@443#cloudflare-dns.com
> >     forward-addr: 1.1.1.1@443#cloudflare-dns.com
> >     forward-addr: 2606:4700:4700::1001@443#cloudflare-dns.com
> >     forward-addr: 1.0.0.1@443#cloudflare-dns.com
> You've configured unbound to talk TLS with a DoH server.
>
> >
> > Is this correct ?
> no
>
> > Would appreciate any pointers in helping get this to work
> I'm not aware that unbound (up to 1.13.1) can act as a DoH client.
>
> Stay with DoT to CF for now.
>
> Andreas
>
>
>
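For reference, here is what the "stay with DoT" setup Andreas recommends looks like, as an added example that is not part of either message in the thread. Compared with the quoted config it drops the tls-service-* listener (that made Unbound a DoH server on localhost), forwards to Cloudflare on the DoT port 853 instead of the HTTPS port 443, and adds tls-cert-bundle so the #cloudflare-dns.com authentication name is actually verified against the upstream certificate. The listener port 5335 and the CA bundle path are assumptions (a common Pi-hole-to-Unbound port and the Debian/Raspberry Pi OS bundle location); adjust both for your system.

```conf
# Added example, not from the thread: Unbound as a DoT *client* forwarding
# everything to Cloudflare, with Pi-hole on the same host as its client.
server:
    # Plain DNS listener for Pi-hole on the same Raspberry Pi.
    # Port 5335 is an assumption; use whatever Pi-hole is pointed at.
    interface: 127.0.0.1@5335
    access-control: 127.0.0.0/8 allow

    # CA bundle used to verify the upstream certificate against the
    # authentication name after '#' in forward-addr. Without this the
    # name is not checked. Path assumed (Debian / Raspberry Pi OS).
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

forward-zone:
    name: "."
    # "-tls-" = DNS over TLS (DoT) to the upstream, not DoH.
    forward-tls-upstream: yes
    # DoT listens on 853; 443 is Cloudflare's HTTPS/DoH port.
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Run `unbound-checkconf` before restarting, then resolve something through the listener (`dig @127.0.0.1 -p 5335 example.com`) and confirm with `ss -tnp` or tcpdump that Unbound's upstream connections go to port 853 and nothing leaves on plain port 53.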