Opening DoH 443/TCP without opening 443/UDP (NSD has similar issue on DoT)
A. Schulze
sca at andreasschulze.de
Thu Feb 6 20:06:26 UTC 2025
On 22.01.25 at 17:06, Yorgos Thessalonikefs via Unbound-users wrote:
> However I think that for encrypted channels on single transport protocols, like your example, it is not desirable to have both encrypted and unencrypted traffic on the same port.
>
> https://github.com/NLnetLabs/unbound/commit/f822042cd027d380a5050a48c7ac1c5073dbaad5 solves that specifically for encrypted transports where if one of DoT, DoH or DoQ is used on the interface, the other transport will only allow encrypted variants as well.
Hello Yorgos,
Could you please consider porting that patch to NSD? If DoT is configured on port 853 (TCP),
Do53 is possible via UDP, which is unexpected.
Andreas
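
Added example, not part of the original message and not NSD or Unbound code: one way an operator can check their own server for the behaviour reported above, by sending a single plain Do53 query over UDP to the DoT port and seeing whether anything answers. The function names, the default query name `example.com` and the command-line form are assumptions made for this sketch.

```python
import secrets
import socket
import struct
import sys

def build_query(name, qtype=1):
    """Build a minimal plain-DNS (Do53) query; returns (txid, wire bytes)."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # one question
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def is_dns_response(data, txid):
    """True if data has a DNS header with QR=1 and the transaction ID we sent."""
    if len(data) < 12:
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == txid and bool(flags & 0x8000)

def answers_plain_udp(host, port=853, name="example.com", timeout=2.0):
    """Send one Do53 query over UDP.

    True means the port answered unencrypted DNS. Any well-formed reply
    counts, including REFUSED or SERVFAIL, because the point is that the
    server speaks plain DNS on a port meant for an encrypted transport.
    """
    txid, query = build_query(name)
    family = socket.getaddrinfo(host, port, type=socket.SOCK_DGRAM)[0][0]
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (host, port))
            data, _ = s.recvfrom(4096)
        except OSError:  # covers timeouts and ICMP errors
            return False
    return is_dns_response(data, txid)

if __name__ == "__main__" and len(sys.argv) > 1:
    # Assumed usage: python check_udp.py <server> [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 853
    result = answers_plain_udp(sys.argv[1], target_port)
    print(f"{sys.argv[1]} udp/{target_port} answers plain DNS: {result}")
```

A `False` result only means no reply arrived within the timeout; a firewall dropping 853/UDP gives the same outcome as a server that ignores the query.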