Maintained by: NLnet Labs

[Unbound-users] From Unbound To DNS Via SOCKS, and Choices

Paul Wouters
Sat Nov 3 20:38:11 CET 2012


On Fri, 2 Nov 2012, Bry8 Star wrote:

> So my understanding is, one "Unbound" can use only
> one set of upstream / outbound TLS/SSL cert/keys to
> connect with another unbound instance.
>
> but more than one set of cert/keys cannot be specified
> in one "Unbound".
>
> whereas, I wanted to use different type of cert for
> different type of DNS-Servers/name-servers (which are
> using different DNS server software, which supports
> TLS/SSL encrypted & secured connections).
>
> Since I'm trying to connect securely with different
> dns-servers/name-servers, which are using different
> DNS Server/Resolver software and different cert/keys,
> one unbound will (most likely) not be able to connect
> with all at the same time.
>
> So alternatively, can these be done?

No. There is no "DNS over TLS" standard, so you will not
be able to do that, unless you hide the TLS tunneling

I still think you are looking for a problem to a built solution.

Paul