Hey,

Thanks for reporting.

> On 10 Dec 2018, at 12:32, ummeegge wrote:
>
> A question,
> what happens with DoT on Lightningwirelabs -->
> https://www.lightningwirelabs.com/2018/05/03/dns-over-tls-now-available-on-our-resolvers ?
> I get there an
>
> $ kdig -d @81.3.27.54 +tls-ca=/etc/ssl/certs/ca-bundle.crt +tls-host="ns1.lightningwirelabs.com" google.com;
> ;; DEBUG: Querying for owner(google.com.), class(1), type(1), server(81.3.27.54), port(853), protocol(TCP)
> ;; DEBUG: TLS, imported 128 certificates from '/etc/ssl/certs/ca-bundle.crt'
> ;; WARNING: can't connect to 81.3.27.54@853(TCP)
> ;; WARNING: failed to query server 81.3.27.54@853(TCP)

I recently made a change which caused that unbound didn’t listen on the TLS port any more. I fixed that now.

The correct host name for that server is rec1.dns.lightningwirelabs.com.

-Michael

> .
>
> Best,
>
> Erik
>