DNS over TLS not working

Raymond Bannan raymond at raymond.life
Thu May 3 20:43:48 UTC 2018


I've spent several hours trying various permutations of the following 
config, but no matter what I do I can't get unbound to forward a DNS 
request over TLS:

server:
     tls-cert-bundle: "C:\Program Files\Unbound\cabundle.crt"
forward-zone:
     name: "."
     forward-ssl-upstream: yes
     forward-addr: 1.1.1.1@853#cloudflare-dns.com

I'm on Windows 10, unbound v1.7.1.  I've been using nslookup to test:

C:\Users\Me>nslookup - 127.0.0.1
Default Server:  localhost
Address:  127.0.0.1

 > google.com
Server:  localhost
Address:  127.0.0.1

*** localhost can't find google.com: Server failed
 >

Following this request in wireshark, unbound is accurately requesting 
DNS to the cloudflare server on tcp port 853, but is attempting to do 
this without negotiating a TLS connection, which cloudflare 
appropriately rejects.

Anyone have any ideas?
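One way to separate an upstream or CA-bundle problem from an Unbound configuration problem is to perform the same DNS-over-TLS exchange (RFC 7858) outside Unbound: open a verified TLS session to the forwarder, send one framed query, and read the reply. The script below is an added example, not code from the original post or from the Unbound project. It assumes the upstream named in the post (1.1.1.1 on TCP/853 with the auth name cloudflare-dns.com, which it passes as the SNI/verification hostname, mirroring the `#name` suffix in `forward-addr`); the CA bundle path is a placeholder, and the reply bytes used for the self-check are constructed.

```python
"""Diagnostic DNS-over-TLS client (added example; not from the post or from Unbound).

Assumptions: upstream 1.1.1.1:853 with auth name cloudflare-dns.com as in the
post; CA_BUNDLE is a placeholder (None = the platform's default trust store).
"""
import socket
import ssl
import struct

UPSTREAM_IP = "1.1.1.1"
UPSTREAM_PORT = 853
AUTH_NAME = "cloudflare-dns.com"     # the '#name' part of Unbound's forward-addr
CA_BUNDLE = None                     # placeholder: e.g. r"C:\path\to\cabundle.crt"


def build_query(qname, qtype=1, qid=0x1234):
    """Build a minimal DNS query: header (RD set) plus one question, QCLASS IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    question = b""
    for label in qname.rstrip(".").split("."):
        encoded = label.encode("ascii")
        question += bytes([len(encoded)]) + encoded
    question += b"\x00" + struct.pack("!HH", qtype, 1)
    return header + question


def frame_tcp(msg):
    """DNS over TCP (and therefore TLS) prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg


def parse_header(msg):
    """Extract the fields a diagnostic cares about: id, QR bit, RCODE and counts."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an}


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg):
    """Return the IPv4 addresses from A records in the answer section."""
    hdr = parse_header(msg)
    off = 12
    for _ in range(hdr["qdcount"]):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    addrs = []
    for _ in range(hdr["ancount"]):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs


def recv_exact(sock, n):
    """Read exactly n bytes or raise; TLS records may split a DNS message."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed the connection early")
        buf += chunk
    return buf


def dot_query(qname, ip=UPSTREAM_IP, port=UPSTREAM_PORT, auth_name=AUTH_NAME,
              ca_bundle=CA_BUNDLE, timeout=5.0):
    """Send one query over a verified TLS session and return the raw reply.

    The certificate is validated against ca_bundle and its name checked against
    auth_name, which is what Unbound's '#cloudflare-dns.com' suffix asks for.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=auth_name) as tls:
            tls.sendall(frame_tcp(build_query(qname)))
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            return recv_exact(tls, length)


if __name__ == "__main__":
    reply = dot_query("google.com")
    print("rcode:", parse_header(reply)["rcode"], "A records:", parse_a_records(reply))
```

If this script returns RCODE 0 with addresses, the upstream, the port, the CA bundle and the auth name are all fine and the fault lies in how Unbound is reading the forward-zone settings; if it fails in the TLS handshake instead, the CA bundle or the auth name is the thing to fix. Capturing the script's traffic alongside Unbound's in Wireshark shows the contrast directly: the script's connection starts with a TLS ClientHello, while the post describes Unbound sending plaintext DNS on the same port.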
