Andreas:

Thanks for your response. Need to explain about the 127.0.0.1. I am running this on a Raspberry Pi along with PiHole. Pihole answers the initial inquiry and forwards to Unbound if it doesn't have the info. From what I had read, I thought that I could configure Unbound to talk DoH to upstream DNS. Looks like it isn't an option at this point.

Ron

On Mon, Feb 22, 2021 at 1:44 PM A. Schulze via Unbound-users <[email protected]> wrote:

> On 22.02.21 at 17:36, Ronald Nutter via Unbound-users wrote:
> > #configuring unbound to use DoH
> > server:
> > interface: 127.0.0.1@443
> > tls-service-key "key.pem"
> > tls-service-pem: "cert.pem"
> No, unbound doesn't magically "use" DoH with this configuration.
> This sets up a DoH **server**. As you selected 127.0.0.1, it will be
> reachable only from DoH clients running on localhost.
> It's not what you want ...
>
> > # Adapted from TLS/DoT instructions, so not sure about this
> > forward-zone:
> > name: "."
> > forward-tls-upstream: yes
> Note the "-tls-". It enables unbound to act as a DoT client.
>
> > # Cloudflare DNS
> > forward-addr: 2606:4700:4700::1111@443#cloudflare-dns.com
> > forward-addr: 1.1.1.1@443#cloudflare-dns.com
> > forward-addr: 2606:4700:4700::1001@443#cloudflare-dns.com
> > forward-addr: 1.0.0.1@443#cloudflare-dns.com
> You've configured unbound to talk TLS with a DoH server.
>
> > Is this correct ?
> no
>
> > Would appreciate any pointers in helping get this to work
> I'm not aware that unbound (up to 13.1) can act as a DoH client.
>
> Stay with DoT to CF for now.
>
> Andreas
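
An added example, not part of the original thread or the Unbound project's documentation: the DoT forwarding setup the reply recommends, with Unbound answering plain DNS for Pi-hole on localhost only. The listening port 5335, the access-control line and the CA bundle path are assumptions for a Debian-based Raspberry Pi install.

```conf
# unbound.conf: Unbound as a DoT *client* behind Pi-hole (added example)

server:
    # Plain DNS for Pi-hole on the loopback interface only. No tls-service-key /
    # tls-service-pem here: those make Unbound a TLS/DoH *server*, which is
    # not needed when only the upstream leg should be encrypted.
    interface: 127.0.0.1
    # Assumed port; point Pi-hole's custom upstream at 127.0.0.1#5335.
    port: 5335
    access-control: 127.0.0.0/8 allow

    # CA bundle used to authenticate the upstream's TLS certificate.
    # Assumed path (Debian / Raspberry Pi OS default location).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

forward-zone:
    name: "."
    # Send every forwarded query over TLS (DoT).
    forward-tls-upstream: yes

    # DoT listens on port 853. Port 443 on these addresses is the DoH (HTTPS)
    # endpoint, which forward-tls-upstream does not speak.
    # The name after '#' is the name checked against the server certificate.
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
```

Running `unbound-checkconf` against the file catches syntax errors, such as a missing colon after an option name, before the service is restarted.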
