Upstream DNS over TLS

Peter Fraser p_fraser at hotmail.com
Tue Sep 6 06:39:53 UTC 2022


Never mind. I figured it out. It seems something was wrong with my cert bundle. Works perfectly now.


Best Regards and thanks.

On Sep 5, 2022, at 8:16 PM, Peter Fraser <p_fraser at hotmail.com> wrote:


Hi All,
I have migrated my two BIND servers to NSD and Unbound on FreeBSD 13.1. Works very well and is very fast. My last task is to configure DNS over TLS for only external queries. I want to have Unbound accept UDP queries on port 53 as usual internally, but use DoT when it queries external upstream servers. So far, I have managed to get the DoT queries working upstream, but the local clients can no longer use the servers. The configs I tried are below. Any help would be appreciated.

server:
        tls-cert-bundle: "/usr/local/etc/ssl/gd_bundle-g2-g1.pem"

forward-zone:
        name: "."
        forward-tls-upstream: yes
        forward-addr: 1.1.1.1@853           #one.one.one.one
        forward-addr: 8.8.8.8@853           #dns.google
        forward-addr: 8.8.4.4@853           #dns.google
        forward-addr: 9.9.9.9@853           #dns.quad9.net
        forward-addr: 1.0.0.1@853           #one.one.one.one
        forward-addr: 149.112.112.112@853   #dns.quad9.net (port was missing; without @853 Unbound would try TLS on port 53)

Then I tried
server:
        tls-cert-bundle: "/usr/local/etc/ssl/gd_bundle-g2-g1.pem"
        tls-upstream: yes

forward-zone:
        name: "."
        forward-addr: 1.1.1.1@853           #one.one.one.one
        forward-addr: 8.8.8.8@853           #dns.google
        forward-addr: 8.8.4.4@853           #dns.google
        forward-addr: 9.9.9.9@853           #dns.quad9.net
        forward-addr: 1.0.0.1@853           #one.one.one.one
        forward-addr: 149.112.112.112@853   #dns.quad9.net (port was missing; without @853 Unbound would try TLS on port 53)
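As an added example (not from the poster or from the Unbound project), below is a complete unbound.conf for the setup described above: plain DNS on port 53 for LAN clients, DNS over TLS to the public resolvers upstream. It differs from the posted fragments in three ways a practitioner would want: it declares the listening interfaces and access-control rules explicitly (so local clients are actually allowed to query), it keeps forward-tls-upstream inside the forward-zone rather than setting the server-wide tls-upstream, and it attaches the resolver hostnames to each forward-addr with "#" and no space, which is Unbound's syntax for the TLS authentication name checked against tls-cert-bundle (after whitespace, as in the original post, "#name" is only a comment). The 192.168.0.0/16 client range and the /etc/ssl/cert.pem bundle path are assumptions; substitute your own LAN prefix and the CA bundle that exists on your system (on FreeBSD the ca_root_nss package also provides /usr/local/share/certs/ca-root-nss.crt).

```conf
# unbound.conf: plain DNS for the LAN, DNS over TLS upstream.
# Added example, not the original poster's configuration.
server:
    # Listen on all addresses, port 53, UDP and TCP (TCP is required for
    # large answers and DNSSEC; leave it on).
    interface: 0.0.0.0
    interface: ::0
    port: 53
    do-udp: yes
    do-tcp: yes

    # Only the local host and the LAN may query; everyone else is refused.
    # 192.168.0.0/16 is an assumed LAN range, replace with your own.
    access-control: 127.0.0.0/8 allow
    access-control: ::1/128 allow
    access-control: 192.168.0.0/16 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # CA bundle used to verify the upstream TLS certificates.
    # Path is an assumption; point it at a current system CA bundle,
    # not a single vendor's intermediate bundle.
    tls-cert-bundle: "/etc/ssl/cert.pem"

    # Do not answer upstream with stale or unverified data.
    harden-glue: yes
    harden-dnssec-stripped: yes
    hide-identity: yes
    hide-version: yes

# Send every query to the DoT resolvers; Unbound itself never
# talks plain DNS to the Internet with forward-tls-upstream set here.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # IP@port#tls-auth-name: the name after '#' (no space) is what Unbound
    # verifies the presented certificate against.
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google
```

Run unbound-checkconf before restarting, then test from a LAN host with dig @<server-ip> example.com and, with verbosity raised to 2 or more, confirm in the log that the upstream connections go to port 853. If the bundle cannot validate a resolver's certificate, the forward will fail closed rather than fall back to plain port 53, which is the behaviour you want from a DoT-only forwarder.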



