From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [Fwd: Re: request for info: unbound via https / tls]
Date: Mon, 10 Dec 2018 13:26:33 +0000
Message-ID: <3715CBEA-98D0-4F9B-93CE-958F51F1E62C@ipfire.org>

Hey,

Thanks for reporting.

> On 10 Dec 2018, at 12:32, ummeegge wrote:
>
> A question,
> what happens with DoT on Lightningwirelabs -->
> https://www.lightningwirelabs.com/2018/05/03/dns-over-tls-now-available-on-our-resolvers ?
> I get there an
>
> $ kdig -d @81.3.27.54 +tls-ca=/etc/ssl/certs/ca-bundle.crt +tls-host="ns1.lightningwirelabs.com" google.com;
> ;; DEBUG: Querying for owner(google.com.), class(1), type(1), server(81.3.27.54), port(853), protocol(TCP)
> ;; DEBUG: TLS, imported 128 certificates from '/etc/ssl/certs/ca-bundle.crt'
> ;; WARNING: can't connect to 81.3.27.54@853(TCP)
> ;; WARNING: failed to query server 81.3.27.54@853(TCP)

I recently made a change which caused that unbound didn’t listen on the TLS port any more. I fixed that now.

The correct host name for that server is rec1.dns.lightningwirelabs.com.

-Michael

> .
>
> Best,
>
> Erik
>