Hello,
The unbound init and the cgi scripts use dig 9.11.3, which has no native support for TLS. I'm trying to configure stunnel to act as MITM so that dig can succeed. I hope to restrict unbound to port 853 for listen and send, and use stunnel to listen on port 53 and forward to 853.
As far as I am aware, the knot-utils from CZ.NIC are capable of DNS over TLS. Maybe we should think about moving to them, or wait until bind-utils/dig are updated (not sure if we are running the latest version anyway).
Best regards, Peter Müller
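For reference, this is what the stunnel forwarder sketched in the first message would look like as an stunnel client service: a plain-TCP listener on 127.0.0.1:53 that wraps each connection in TLS towards unbound on port 853. It is an added example, not configuration from the thread, and the file paths, the upstream address and the certificate name are assumptions.

```ini
; stunnel client-side forwarder for DNS over TLS (example, not from the thread)
; stunnel terminates nothing here: it accepts cleartext TCP from dig and
; originates TLS to unbound, which must already listen with TLS on 853.
foreground = no
pid = /var/run/stunnel-dot.pid          ; assumed path

[dns-to-dot]
client = yes
accept = 127.0.0.1:53                   ; cleartext side, loopback only
connect = 127.0.0.1:853                 ; unbound's TLS listener (assumed)
; Verify the upstream certificate so the forwarder does not become
; the MITM it is meant to avoid; CA file and host name are assumptions.
verifyChain = yes
CAfile = /etc/ssl/certs/unbound-ca.pem
checkHost = unbound.local
```

Two caveats a practitioner would want: stunnel only forwards TCP, so `dig` has to be invoked with `+tcp` (by default it sends UDP to port 53 and would never reach stunnel), and the `accept` address should stay on loopback, because the cleartext leg between dig and stunnel is unprotected.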