Unbound: Add support for DNS over TLS to internal clients
Add support for DNS over TLS to internal clients.
A description of the feature can be found here.
Unbound has supported it for a while. I don't see much value in enabling this for internal clients, so I am making this mostly to document what would need to be done to include support to clients.
Add a checkbox to the Advanced settings:
Label: DNS over TLS
Description: Provide DNS over TLS port 853 to internal clients. Uses webConfigurator Cert.
If checked, add the following to unbound's config under the server section:
ssl-service-key: "<path to key used in webConfigurator>"
ssl-service-pem: "<path to cert used in webConfigurator>"