Hey,
Thanks for reporting.
On 10 Dec 2018, at 12:32, ummeegge ummeegge@ipfire.org wrote:
A question, what happens with DoT on Lightningwirelabs --> https://www.lightningwirelabs.com/2018/05/03/dns-over-tls-now-available-on-o... ? I get there an
$ kdig -d @81.3.27.54 +tls-ca=/etc/ssl/certs/ca-bundle.crt +tls-host="ns1.lightningwirelabs.com" google.com; ;; DEBUG: Querying for owner(google.com.), class(1), type(1), server(81.3.27.54), port(853), protocol(TCP) ;; DEBUG: TLS, imported 128 certificates from '/etc/ssl/certs/ca-bundle.crt' ;; WARNING: can't connect to 81.3.27.54@853(TCP) ;; WARNING: failed to query server 81.3.27.54@853(TCP)
I recently made a change which caused that unbound didn’t listen on the TLS port any more.
I fixed that now.
The correct host name for that server is rec1.dns.lightningwirelabs.com.
-Michael
.
Best,
Erik