Maintained by: NLnet Labs

[Unbound-users] ssl-upstream

W.C.A. Wijngaards
Tue Jan 6 12:56:06 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Michael,

On 11/12/14 22:38, Michael M. Miskulin wrote:
> Hello
> 
> I configured a basic caching server.  Seems to work fine.  Now
> I've tried to enable "ssl-upstream" but to no avail.
> 
> What is the correct procedure to get this to work? Clearly it is
> more involved than just uncommenting that from the conf file.

You need to make the upstream DNS servers also have ssl enabled.  In
unbound this is the ssl-port, ssl-service-* config settings.  And then
you would need stub or forward clauses to point to those server(s).

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUq81WAAoJEJ9vHC1+BF+N/CwP/RRVqXBVn+LXKAGR0UriWuhH
sUNQyy+VwPSLNqZplxPwcqcZ/OIxeeAL1T4OKdVRVSqYd+sCc8c2acIhVY+wZ/rX
t4mKb2oFRetuODIRnGSSz6DTLCo3LApPAnvR0CzzoBKNunpymLYoXRLrnB5zszbA
8Wa1sG5ehu6rX4is4zRpmuoAUzjOe35ULKgISlOsSbTDtoqp1rsLVQUDG7AUbyRC
FLDchHD3FS5wSQrKJxgfd1zFs9+CRZjjiEGA347FQk61tP503WCHopy5b8US+sYF
bKB6DddyuRsrLBPuIR7kmOrPA1pU5/SFl3VNRjioGIpoAdygK00iG87af5nbVjvc
3QK1aijTkWw99UBcKuN/dkpSmnAC6GK84TCpPZv8Xt8TguJkv9yIwMMRXhHygomD
HpJMuqyhI2P1cl+KAp7iVDa7rHXXOvzUU4mj60lo28IqR5gk9cbFEE4FAwQYAoY/
s2cCrugUMZjZPzVJQaVPsufx/Ui3RDZqIbhTP5lr9UBbmmLgo7t2Ru9UEUqUiqRu
gJC2K+OOo37ZYdwwt0EFrkGsA5jro2SHkEU5cEsEgYG5QJTT91VAmd4y+2jczQWb
DTWzjWWMtT3d/TXa4SGgAQRng4BG/RW+xGlDfgsMFAJfIxjD4HwkNFmAT35G+UK2
crkkPwWSZgabAMjwPW4A
=NT/+
-----END PGP SIGNATURE-----