Unbound 1.15.0rc1 pre-release
A. Schulze
sca at andreasschulze.de
Sat Feb 5 19:22:19 UTC 2022
On 03.02.22 at 10:21, Wouter Wijngaards via Unbound-users wrote:
> Unbound 1.15.0rc1 pre-release is available:
Hello,
there is a strange plaintext vs TLS confusion...
I start with this config:
server:
    chroot: ""
    logfile: ""
    ip-address: 127.0.0.1@1025
# unbound -c config
# kdig -p 1025 @127.0.0.1 version.bind. txt ch +short +notcp
"unbound 1.15.0rc1"
# kdig -p 1025 @127.0.0.1 version.bind. txt ch +short +tcp
"unbound 1.15.0rc1"
-> unbound answers Do53 on UDP and TCP
Now I add DoT on port 1026:
# pkill unbound
# openssl ecparam -rand /dev/urandom -genkey -name secp384r1 -out /tmp/key
# openssl req -batch -rand /dev/urandom -x509 -key /tmp/key -out /tmp/cert -days 1 -subj '/CN=localhost' -addext subjectAltName=DNS:localhost
# cat <<EOF >> config
interface: 127.0.0.1@1026
tls-port: 1026
tls-service-pem: /tmp/cert
tls-service-key: /tmp/key
EOF
# unbound -c config
# kdig -p 1026 @127.0.0.1 version.bind. txt ch +short +tls
"unbound 1.15.0rc1"
-> DoT on port 1026/tcp works
# kdig -p 1025 @127.0.0.1 version.bind. txt ch +short +notcp
"unbound 1.15.0rc1"
-> Do53 on port 1025/tcp works
# kdig -p 1025 @127.0.0.1 version.bind. txt ch +short +tcp
;; WARNING: can't receive reply from 127.0.0.1@1025(TCP)
;; ERROR: failed to query server 127.0.0.1@1025(TCP)
-> Do53 on port 1025/tcp fails!
# kdig -p 1025 @127.0.0.1 version.bind. txt ch +short +tls
"unbound 1.15.0rc1"
-> unexpected: TLS is active on port 1025!
Andreas
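The report above shows a plaintext listener unexpectedly speaking TLS. The following script is an added example (not part of the post or of Unbound) that turns the manual kdig checks into an audit: it sends the same version.bind. TXT CH query over plain TCP and over TLS to every configured port and reports any port whose behaviour does not match the configuration. It assumes the self-signed certificate from the post lives at /tmp/cert with SAN DNS:localhost and that the listeners are on 127.0.0.1; the probe function is injectable so the logic can be exercised without a running resolver.

```python
import socket, ssl, struct

def build_query(qid=0x1234):
    """Constructed version.bind. TXT CH query, the question the kdig commands above send."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)      # RD set, one question
    return header + b"\x07version\x04bind\x00" + struct.pack("!HH", 16, 3)  # TXT, CH

def _skip_name(resp, off):
    while resp[off] and resp[off] & 0xC0 != 0xC0:   # labels until root or pointer
        off += resp[off] + 1
    return off + (2 if resp[off] else 1)            # pointer is 2 bytes, root is 1

def parse_txt_strings(resp):
    """TXT strings of the first answer RR; [] on RCODE != 0 or no answer (minimal parser)."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if flags & 0x000F or ancount == 0:
        return []
    off = _skip_name(resp, 12) + 4                  # question name, QTYPE, QCLASS
    off = _skip_name(resp, off)                     # answer owner name
    rdlen = struct.unpack("!HHIH", resp[off:off + 10])[3]
    rdata, out, i = resp[off + 10:off + 10 + rdlen], [], 0
    while i < len(rdata):                           # <len><chars> character-strings
        out.append(rdata[i + 1:i + 1 + rdata[i]].decode())
        i += 1 + rdata[i]
    return out

def query_tcp(host, port, use_tls, cafile=None, timeout=3.0):
    """Length-prefixed DNS over TCP, optionally inside TLS; None means the query failed."""
    query = build_query()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if use_tls:  # cafile = the self-signed /tmp/cert (assumed), SAN DNS:localhost
                ctx = ssl.create_default_context(cafile=cafile)
                sock = ctx.wrap_socket(sock, server_hostname="localhost")
            sock.sendall(struct.pack("!H", len(query)) + query)
            reader = sock.makefile("rb")            # read(n) blocks until n bytes or EOF
            length = struct.unpack("!H", reader.read(2))[0]
            return parse_txt_strings(reader.read(length))
    except (OSError, struct.error, IndexError, UnicodeDecodeError):
        return None

def audit(listeners, probe=query_tcp, host="127.0.0.1", cafile="/tmp/cert"):
    """listeners = [(port, expect_tls)]; returns mismatches, [] when every port is as configured."""
    problems = []
    for port, expect_tls in listeners:
        for use_tls in (False, True):
            ok = probe(host, port, use_tls, cafile) is not None
            if ok != (use_tls == expect_tls):       # plaintext-only ports must refuse TLS and vice versa
                problems.append(f"port {port}: {'TLS' if use_tls else 'plaintext'} {'accepted' if ok else 'refused'}")
    return problems
```

For the configuration in the post, `audit([(1025, False), (1026, True)])` against a correctly behaving resolver returns an empty list; the behaviour reported above would instead be flagged as port 1025 refusing plaintext and accepting TLS.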