From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [Fwd: Re: request for info: unbound via https / tls] Date: Tue, 01 May 2018 16:40:51 +0200 Message-ID: <45075a10-3447-480e-dcc5-4878242e6a82@link38.eu> In-Reply-To: <1525185205.3530.14.camel@gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0712260354558574522==" List-Id: --===============0712260354558574522== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Hello, > > The unbound init and the cgi scripts use dig 9.11.3, which has no > native support for TLS. I'm trying to configure stunnel to act as MITM > so that dig can succeed. I hope to restrict unbound to port 853 for > listen and send, and use stunnel to listen on port 53 and forward to > 853. as far as I am aware, the knot-utils from CZ.NIC are capable of DNS over TLS. Maybe we should think about moving to them, or wait until bind-utils/dig are updated (not sure if we are running the latest version anyway). Best regards, Peter Müller --===============0712260354558574522== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUVC Q2dBR0JRSmE2SHg3QUFvSkVObEk4Zzk5ZTU5b1laMFAvMERPbDNybVFsdFNBTnFmdDdLTE9jTGYK cEVvOWd2ckNIMmZ4VFRqTmhCSzlmQ3ZuaEpVNjQwbnBFSmZmWlNMODhXbytEV1VUZ0ZPY29lRGJD R0E2ZHFGYQptSkpTR01ZWkV6UVpTeFVEdUEzN0ZXd0ZhMVhTYTQreXZkZ2plS1J2alhxU09sTnpX aDJXSG1WMXNHZUlCRGpICitTWkFkRmVZc3U5TGhaRkZUVUNqSkZQblZZZitkakswa2ExWUFsR1k2 Wm1OQlg2bjhScGFxMmpaRzhWQU9hanEKUnBRNEFGQStYMERWOXJGczZHMEpvWU1Md2pIM01UTEpE YjVqN1UzTW9XQjcxSFg1bGtaQkdhVDlnd1M0Mm56ZgpmTW96a2tZYWpteDF0MGF3ZnV6Z3EyT2d3 N1lTQlk2VzR4aXhQRk1IQVlaZjY2U0xrLzZnb0NRT0dNNG8zNTVYCkxRYUZJWHNsWjBOcUJoQnVK L0FpdmQ2SzVKTWZnbU0rQXozeGpMWlhSM21sNVIwTit0YkRpVlJleXo3WC9HL0EKc3pGY1BRV1Vu RmJsN0ZzZUM1ZndqWTV3RlpHWHloemZPRllRVjRxSXM3NGJqdDE2b2RRVTBkWC9KSjY4Y3dmSApQ QTBDUXdmWVZIU0lUZmZLckg5WEtlc3RNOEJkNlZ4c0R3cjRqYUpZZy9FSkZvSm5wMWU3NktnOG44 ZjBRYUpzCnhqS3pENmpKenB2d0k0c0dLUWI3WFpwZXA2SkRxWXJ6ZStxNWtiVkxnSGZ3OXBVamRB OFc1QjlaSmFnd0dSUjUKS2EyZzBjNGpBRjgwbzlUaXc4R0lBVnNiQ3dpd00xaWNQZEwyWFRwSDE4 a2J3SkIrUWYvU3pLWnNTVGRZcCsxRgpZS2JRbDdqdmNjNWdSbGdTOE92Kwo9cEFqYwotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============0712260354558574522==--