Maintained by: NLnet Labs

DNS over TLS

Marco Davids (SIDN)
Mon Oct 24 15:33:44 CEST 2016


On 24/10/2016 09:28, W.C.A. Wijngaards via Unbound-users wrote:

> Is ssl-upstream setting perhaps the one that is bothering you?  I have
> no other clues, unfortunately.

Could be.

I need that setting (=yes) to get the "."-forward to
2620:ff:c000:0:1::64:25@853 to work, obviously.

But it seems to bother me when I just want to have a "xyz"-forward to
2620:ff:c000:0:1::64:25@853, right?

Is there a way to work around this?

Or is a forward to TCP-TLS simply not possible for anything other than "."?

--
Marco

> On 23/10/16 15:19, Marco Davids (SIDN) via Unbound-users wrote:
>> Hi,
>>
>> So I wanted to play a little with DNS over TLS and found this:
>>
>> forward-zone:
>>        name: "."
>>        forward-addr: 2620:ff:c000:0:1::64:25@853
>>
>> Works.
>>
>> But trying to forward just a portion of my DNS-queries to this resolver
>> does not seem to work, like in:
>>
>> forward-zone:
>>        name: "xyz"
>>        forward-addr: 2620:ff:c000:0:1::64:25@853
>>
>> Am I doing something wrong perhaps?
>>