On 18-03-2025 at 14:14, Klaus Darilion via nsd-users wrote:

Answering myself (untested yet): It seems that ‘tls-cert-bundle:’ may be the solution to manually specify trust anchors. Frankly, this is a ‘server:’ option but I would have expected it under the tls-auth: section to be configurable per tls-context.

We could modify that of course, but personally I also feel for the pin authentication that Knot-dns employs. Would that work for you?

Regards,

-- Willem
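To make the `tls-cert-bundle:` approach concrete, here is an nsd.conf fragment written for this thread (an added example, not from the original posts or from the NSD documentation). The paths, zone name and addresses are assumed placeholders; the option names are the existing NSD ones (`tls-cert-bundle:` in `server:`, a `tls-auth:` block, and the tls-auth name as the third argument of `request-xfr:`), and the bundle applies server-wide rather than per tls-auth block, as noted above.

```yaml
# nsd.conf (secondary) with a private trust anchor for XoT (example, not shipped config)
server:
    # Replace the OS CA store with our own PEM bundle: only certificates chaining
    # to this CA (or the self-signed primary cert itself) are accepted for XFR over TLS.
    # Assumed path; the file holds the primary's self-signed cert or the private CA.
    tls-cert-bundle: "/etc/nsd/xot-trust-anchors.pem"

tls-auth:
    name: "primary-xot"
    # Must match a SAN/CN in the primary's certificate; NSD verifies the
    # presented chain against the bundle and checks this name.
    auth-domain-name: "ns1.example.net"   # assumed name

zone:
    name: "example.com"                   # assumed zone
    # Pull zone transfers over TLS on port 853 from the primary and tie the
    # connection to the tls-auth block above; no TSIG in this example.
    request-xfr: 192.0.2.1@853 NOKEY primary-xot
    allow-notify: 192.0.2.1 NOKEY
```

If the primary's certificate or the CA is rotated, the bundle file has to be replaced and NSD reloaded, since there is no pin or per-context anchor to update instead.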

Regards

Klaus

*From:* nsd-users <nsd-users-boun...@lists.nlnetlabs.nl> *On Behalf Of* Klaus Darilion via nsd-users
*Sent:* Monday, March 17, 2025 2:32 PM
*To:* nsd-users@lists.nlnetlabs.nl
*Subject:* [nsd-users] Can XoT use self-signed certificates?

Hi!

I am testing XoT with NSD as secondary.

As far as I see, for certificate validation always the OS installed CA certificates are used. (/etc/ca-certificates.conf in Ubuntu)

Is it possible to use self-signed certificates and manually configure a trust-anchor (e.g. ca-file option in many other TLS supported software)?

Is it possible to use opportunistic/ephemeral TLS as supported by BIND?

Thanks

Klaus


_______________________________________________
nsd-users mailing list
nsd-users@lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
