How DoH settings should work
George (Yorgos) Thessalonikefs
george at nlnetlabs.nl
Tue May 16 13:19:10 UTC 2023
On 16/05/2023 14:54, Vladimir Lomov via Unbound-users wrote:
> Hello,
> ** George (Yorgos) Thessalonikefs via Unbound-users
> <unbound-users at lists.nlnetlabs.nl> [2023-05-16 12:25:50 +0200]:
>
>> Hi Vladimir,
>>
>> 'https-port:' makes sure that DoH is used for listening sockets using
>> that specific port.
>>
>> In order to use the port you need to explicitly define it with
>> 'interface:'.
>>
>> The port in 'interface:' is optional and will default to 53, or the
>> value of 'port:' if that is changed.
>>
>> For example, if you set 'https-port: 53', and don't define a port in
>> 'interface:', Unbound will only listen for DoH.
>>
>> In your case with the following configuration:
>> interface: ::1
>> interface: 127.0.0.1
>> interface: ::1@3053
>> interface: 127.0.0.1@3053
>> https-port: 3053
>>
>> Unbound will listen for plain DNS on port 53 and for DoH on port 3053
>> on 127.0.0.1 and ::1.
>
> Correct me if I'm wrong, but with
> ```
> interface: ::1
> interface: 127.0.0.1
> interface: ::1@3053
> interface: 127.0.0.1@3053
> ```
>
> and the rest set to the default, Unbound will serve DNS on ports 53 AND 3053.
Correct, 3053 is just another port for Unbound, so plain DNS.
>
> On the other hand, with
> ```
> interface: ::1
> interface: 127.0.0.1
> interface: ::1@3053
> interface: 127.0.0.1@3053
> ...
> https-port: 3053
> ```
> Unbound will serve DNS requests on port 53 and do DoH on 3053.
Indeed. Here you define port 3053 as a DoH port.
Best regards,
-- Yorgos
>
> P.S. As for the problem I was worried about... I was blind, the fourth host
> was running dnscrypt-proxy (thanks ss!), after I stopped it and configured
> unbound like the other hosts, everything works as expected.
>
> [...]
>
> ---
> WBR, Vladimir Lomov
>
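
The port-matching rule described in this thread, written out as a small config audit (an added example, not part of the original messages and not Unbound's own code). It models only `interface:`, `port:` and `https-port:` as discussed above; other port-keyed options such as `tls-port:` are ignored, and the function name `listeners` and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the configuration discussed in the thread.
SAMPLE_CONF = """\
server:
    interface: ::1
    interface: 127.0.0.1
    interface: ::1@3053
    interface: 127.0.0.1@3053
    https-port: 3053
"""

def listeners(conf_text):
    """Return ([(address, port, protocol)], [warnings]) for a server: clause."""
    port, https_port, interfaces = 53, 443, []  # Unbound's documented defaults
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(interface|port|https-port):\s*(\S+)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("\"'")
        if key == "interface":
            interfaces.append(value)
        elif key == "port":
            port = int(value)
        else:
            https_port = int(value)
    if not interfaces:  # with no interface: lines Unbound listens on localhost
        interfaces = ["127.0.0.1", "::1"]
    result = []
    for iface in interfaces:
        addr, _, explicit = iface.partition("@")
        p = int(explicit) if explicit else port  # no @port: falls back to port:
        result.append((addr, p, "DoH" if p == https_port else "DNS"))
    protocols = {proto for _, _, proto in result}
    warnings = []
    if "DoH" not in protocols:
        warnings.append(f"https-port {https_port} matches no interface: no DoH listener")
    if "DNS" not in protocols:
        warnings.append(f"every interface uses https-port {https_port}: no plain DNS listener")
    return result, warnings

if __name__ == "__main__":
    found, notes = listeners(SAMPLE_CONF)
    for addr, p, proto in found:
        print(f"{addr}@{p}: {proto}")
    for note in notes:
        print("warning:", note)
```

Running it against a deployed `unbound.conf` before a reload shows which sockets would answer in cleartext and which would expect HTTPS, which is the distinction the two quoted configurations differ on.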