How DoH settings should work

Vladimir Lomov lomov.vl at bkoty.ru
Tue May 16 12:54:03 UTC 2023


Hello,
** George (Yorgos) Thessalonikefs via Unbound-users <unbound-users at lists.nlnetlabs.nl> [2023-05-16 12:25:50 +0200]:

> Hi Vladimir,
>
> 'https-port:' makes sure that DoH is used for listening sockets using 
> that specific port.
>
> In order to use the port you need to explicitly define it with 'interface:'.
>
> The port in 'interface:' is optional and will default to 53, or the 
> value of 'port:' if that is changed.
>
> For example, if you set 'https-port: 53', and don't define a port in 
> 'interface:', Unbound will only listen for DoH.
>
> In your case with the following configuration:
>     interface: ::1
>     interface: 127.0.0.1
>     interface: ::1@3053
>     interface: 127.0.0.1@3053
>     https-port: 3053
>
> Unbound will listen for plain DNS on port 53 and for DoH on port 3053 
> on 127.0.0.1 and ::1.

Correct me if I'm wrong, but with
```
   interface: ::1
   interface: 127.0.0.1
   interface: ::1@3053
   interface: 127.0.0.1@3053
```

and the rest set to the defaults, unbound will serve DNS on ports 53 AND
3053.

On the other hand, with
```
   interface: ::1
   interface: 127.0.0.1
   interface: ::1@3053
   interface: 127.0.0.1@3053
   ...
   https-port: 3053
```
unbound will serve DNS requests on port 53 and do DoH on 3053.

P.S. As for the problem I was worried about... I was blind: the fourth host
was running dnscrypt-proxy (thanks ss!). After I stopped it and configured
unbound like the other hosts, everything works as expected.

[...]

---
WBR, Vladimir Lomov

-- 
The connection between the language in which we think/program and the problems
and solutions we can imagine is very close.  For this reason restricting
language features with the intent of eliminating programmer errors is at best
dangerous.
		-- Bjarne Stroustrup in "The C++ Programming Language"
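
The port-matching rule discussed in this thread, as an added example that is not part of the original messages or of Unbound's code: a small checker that reads unbound.conf text and reports which listening sockets end up as plain DNS and which as DoH. `classify_listeners` and the sample configurations are constructed for illustration; only `port:` (default 53), `https-port:` (default 443) and `interface:` are modelled, and `tls-port:` is ignored.

```python
import re

# Defaults from unbound.conf(5); tls-port is deliberately not modelled here.
DEFAULTS = {"port": 53, "https-port": 443}

def classify_listeners(conf_text):
    """Map (address, port) -> 'DoH' or 'plain DNS' for each 'interface:' line."""
    ports = dict(DEFAULTS)
    interfaces = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([a-z-]+):\s*(\S+)$", line)
        if not m:
            continue                                 # blank line or clause such as 'server:'
        key, value = m.group(1), m.group(2).strip('"')
        if key in ports:
            ports[key] = int(value)
        elif key == "interface":
            interfaces.append(value)
    listeners = {}
    for spec in interfaces:
        addr, _, port = spec.partition("@")
        # No '@port' means the socket uses the value of 'port:' (53 by default).
        port = int(port) if port else ports["port"]
        # A socket speaks DoH only when its port equals 'https-port:'.
        listeners[(addr, port)] = "DoH" if port == ports["https-port"] else "plain DNS"
    return listeners

# Constructed sample configurations mirroring the three cases in the thread.
BASE = """server:
    interface: ::1
    interface: 127.0.0.1
    interface: ::1@3053
    interface: 127.0.0.1@3053
"""
WITH_HTTPS_PORT = BASE + "    https-port: 3053\n"
DOH_ONLY = "server:\n    interface: 127.0.0.1\n    https-port: 53\n"

if __name__ == "__main__":
    for name, conf in [("no https-port", BASE), ("https-port: 3053", WITH_HTTPS_PORT),
                       ("https-port: 53", DOH_ONLY)]:
        print(name)
        for (addr, port), proto in sorted(classify_listeners(conf).items()):
            print(f"  {addr}@{port}: {proto}")
```

Running it against a deployed configuration shows at a glance whether a port intended for DoH is actually answering unencrypted DNS because `https-port:` was left at its default.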