Maintained by: NLnet Labs

[Unbound-users] From Unbound To DNS Via SOCKS, and Choices

Bry8 Star
Tue Nov 6 03:35:35 CET 2012


> 
> No. There is no "DNS over TLS" standard, so you will not
> be able to do that, unless you hide the TLS tunneling
> 
> I still think you are looking for a problem to a built solution.
> 

I never asked for a "DNS over TLS" standard!
Paul, what are you talking about, "problem to a built solution"!!

From the first email, I keep on asking for a solution to connect
securely (encrypted) with a DNS-server, (so that someone in the
middle does not know what exact domain my DNS-client/resolver is
querying, primarily for privacy reasons & concerns).

Haven't you noticed the HTTPS-DNS feature(s) used by many public
DNS-Servers?
http://www.privacyfoundation.de/projekte/https_dns/

I thought "Unbound" alone, or with assistance from a simple tool,
would be able to use those HTTPS-DNS features (on Windows platforms)
to connect with those DNS-Servers.

Anyway, MORE QUESTIONS REMAINED UNANSWERED, as well as no one cared
to respond to/answer even simple 'unbound' related questions which
I'm placing in each email, since the first email!

-- Bright Star (Bry8Star).




Paul Wouters wrote:
Received on 2012-11-03 12:38 PM [GMT-08:00]:
> On Fri, 2 Nov 2012, Bry8 Star wrote:
> 
>> So my understanding is, one "Unbound" can use only
>> one set of upstream / outbound TLS/SSL cert/keys to
>> connect with another unbound instance.
>>
>> but more than one set of cert/keys cannot be specified
>> in one "Unbound".
>>
>> whereas, I wanted to use different type of cert for
>> different type of DNS-Servers/name-servers (which are
>> using different DNS server software, which supports
>> TLS/SSL encrypted & secured connections).
>>
>> Since I'm trying to connect securely with different
>> dns-servers/name-servers, which are using different
>> DNS Server/Resolver software and different cert/keys,
>> one unbound will (most likely) not be able to connect
>> with all at the same time.
>>
>> So alternatively, can these be done?
> 
> No. There is no "DNS over TLS" standard, so you will not
> be able to do that, unless you hide the TLS tunneling
> 
> I still think you are looking for a problem to a built solution.
> 
> Paul