From: Paul Simmons
To: development@lists.ipfire.org
Subject: request for info: unbound via https / tls
Date: Wed, 04 Apr 2018 12:38:30 -0500
Message-ID: <1522863510.21126.19.camel@gmail.com>

For Core119, I'm currently using a patch to /etc/init.d/unbound:

https://gitlab.com/snippets/1706804

because my (only available) ISP mangles port 53 traffic, effectively
disabling DNS outside of my private firewall.

I wonder if configuring unbound so that forward requests use DNSSEC over
HTTPS or TLS would be a better (and more secure) solution?

Also see:

https://forum.ipfire.org/viewtopic.php?f=27&t=20575#p115342
https://forum.ipfire.org/viewtopic.php?f=50&t=20574

Comments and test configurations are welcome!

Paul