Hello. I have installed and configured unbound on some of my hosts and wanted to try DNS-over-HTTPS provided by unbound.
I figured out how to configure unbound (`interface`, `outgoing-interface` and `access-control`) to use it on the local host and from the local network. To use DoH, I generated a certificate for DoH and put this in `unbound.conf`:

```
tls-service-key: "/etc/cert/hosts/doh.key"
tls-service-pem: "/etc/cert/hosts/doh.crt"
https-port: 3053
```

But it didn't work; when I did

```
$ dig +https -p 3053 @::1 google.com
```

I got 'connection refused'. I re-read the documentation carefully and found the following:

```
https-port: <number>
    The port number on which to provide DNS-over-HTTPS service. Only
    interfaces configured with that port number as @number get the
    HTTPS service. Default: 443
```

If I get it right, then besides these lines (example!):

```
interface: ::1
interface: 127.0.0.1
```

I also need these:

```
interface: ::1@3053
interface: 127.0.0.1@3053
```

I added the appropriate lines on three hosts and now `dig +https` works! But on the fourth host it works even without these lines! This puzzles me. The hosts have different network settings, but the fourth host doesn't have a public IPv6 address, only a ULA one.

So how should DoH be configured? If I change `https-port`, I MUST add something like

```
interface: ::1@PORT
```

or is the `https-port` setting enough?

---
WBR, Vladimir Lomov

--
You will not censor me through bug terrorism. -- James Troup
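An added `unbound.conf` fragment (not from the original post) that puts the quoted documentation rule together in one place: an `interface` line whose `@port` matches `https-port` is served as DoH, one matching `tls-port` is served as DoT, and lines without a port (or with `@53`) stay plain DNS. The certificate paths and port 3053 are taken from the post; the `access-control` ranges and the DoT port are assumptions for the example.

```conf
server:
    # Plain UDP/TCP DNS on the default port 53 (no @port given).
    # These are NOT affected by https-port or tls-port.
    interface: 127.0.0.1
    interface: ::1

    # DoH listeners: the @3053 suffix matches https-port below, so
    # unbound serves HTTPS on these sockets instead of plain DNS.
    interface: 127.0.0.1@3053
    interface: ::1@3053
    https-port: 3053

    # DoT listeners (assumed for the example): the @853 suffix matches
    # tls-port, which follows the same "only interfaces with that port
    # get the service" rule as https-port.
    interface: 127.0.0.1@853
    interface: ::1@853
    tls-port: 853

    # One key/cert pair is used for both DoH and DoT (paths from the post).
    tls-service-key: "/etc/cert/hosts/doh.key"
    tls-service-pem: "/etc/cert/hosts/doh.crt"

    # Who may query; ranges are assumptions, adjust to the local network.
    access-control: 127.0.0.0/8 allow
    access-control: ::1/128 allow
    access-control: 192.168.1.0/24 allow
```

Run `unbound-checkconf` against the file before restarting, and check which ports the daemon actually bound afterwards (for example with `ss -ltnp`): a port that is missing from that listing will give exactly the 'connection refused' seen in the post.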