Feature #8030

closed

Unbound: Add support for DNS over TLS to internal clients

Added by Mathew Keith over 6 years ago. Updated over 2 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: DNS Resolver
Target version:
Start date: 10/30/2017
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:

Description

Add support for DNS over TLS to internal clients.

A description of the feature can be found here.
https://dnsprivacy.org/wiki/

Unbound has supported it for a while. I don't see much value in enabling this for internal clients, so I am making this mostly to document what would need to be done to include support to clients.

Add a checkbox to the Advanced settings:
Label: DNS over TLS
Description: Provide DNS over TLS port 853 to internal clients. Uses webConfigurator Cert.

If checked, add the following to unbound's config under the server section:
ssl-service-key: "<path to key used in webConfigurator>"
ssl-service-pem: "<path to cert used in webConfigurator>"
ssl-port: 853
