How DoH settings should work
lomov.vl at bkoty.ru
Tue May 16 08:07:52 UTC 2023
I have installed and configured unbound on some of my hosts and wanted to try
DNS-over-HTTPS provided by unbound.
I figured out how to configure unbound (`interface`, `outgoing-interface` and
`access-control`) to use it on the local host and from the local network.
To use DoH, I generated a certificate for DoH and put this in `unbound.conf`:
But it didn't work, when I did
$ dig +https -p 3053 @::1 google.com
I got 'connection refused'.
I re-read the documentation carefully and found the following:
The port number on which to provide DNS-over-HTTPS service. Only interfaces
configured with that port number as @number get the HTTPS service.
If get it right, then besides these lines (example!):
I also need these
interface: ::1 at 3053
interface: 127.0.0.1 at 3053
I added the appropriate lines on three hosts and now `dig +https` works! But
on the fourth host it works even without these lines! This puzzles me. The
hosts have different network settings, but the fourth host doesn't have a
public IPv6 address, only a ULA one.
So how should DoH be configured? If I change `https-port`, I MUST add
interface: ::1 at PORT
or is the `https-port` setting enough?
WBR, Vladimir Lomov
You will not censor me through bug terrorism.
-- James Troup
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: not available
More information about the Unbound-users