Hi Yorgos,

Thank you for making the commit, I agree with your reasoning.

Kind regards,
Dominic.

On Wed, 22 Jan 2025 at 16:07, Yorgos Thessalonikefs via Unbound-users <unbound-users@lists.nlnetlabs.nl> wrote:
>
> Hi Dominic,
>
> This wasn't possible as you may need for example to usually listen on
> both UDP and TCP on port 53.
>
> However I think that for encrypted channels on single transport
> protocols, like your example, it is not desirable to have both encrypted
> and unencrypted traffic on the same port.
>
> https://github.com/NLnetLabs/unbound/commit/f822042cd027d380a5050a48c7ac1c5073dbaad5
> solves that specifically for encrypted transports where if one of
> DoT, DoH or DoQ is used on the interface, the other transport will only
> allow encrypted variants as well.
>
> For your example only DoQ is allowed to open UDP next to DoH.
>
> Best regards,
> -- Yorgos
>
> On 09/01/2025 16:22, Dominic Preston via Unbound-users wrote:
> > Hi, I have an Unbound resolver serving standard DNS over 53/UDP and 53/TCP.
> >
> > It also serves DNS-over-HTTPS queries over 443/TCP by way of this
> > instruction:
> > interface: 2603:1c78:b7fa:b2df:8fad:3f52:0955:d930@443
> >
> > In this configuration, standard DNS is still served over 443/UDP,
> > despite 443/TCP not serving standard DNS. Is there any way to close 443/UDP
> > without disabling anything else or invoking a firewall rule?
> >
> > Thanks,
> > Dominic.
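The following is a small model of the port-selection policy described in the thread, added here as an illustration; it is not Unbound's code and not code from anyone in the thread. The option names tls-port, https-port and quic-port, their defaults 853/443/853, and the choice to bind DoH ahead of DoT on a shared port are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class EncryptedPorts:
    """Ports on which encrypted transports would be offered.
    Option names and defaults are assumptions for this illustration."""
    tls_port: int = 853    # DoT (TCP)
    https_port: int = 443  # DoH (TCP)
    quic_port: int = 853   # DoQ (UDP)


def sockets_to_open(port: int, enc: EncryptedPorts, encrypted_only: bool) -> dict:
    """Model which sockets an `interface: addr@port` line opens.

    Returns {"udp": service, "tcp": service}; a missing key means that
    transport is not opened at all. Services: "dns" (plaintext), "dot",
    "doh", "doq".
    encrypted_only=False: the old behaviour, where the transport without an
    encrypted variant still gets plaintext DNS (443/UDP in the question).
    encrypted_only=True: the policy described in the thread, where once any
    encrypted transport is bound on the port, the other transport is opened
    only if it too has an encrypted variant on that port.
    """
    tcp = None
    if port == enc.https_port:      # assumption: DoH wins over DoT on a shared port
        tcp = "doh"
    elif port == enc.tls_port:
        tcp = "dot"
    udp = "doq" if port == enc.quic_port else None

    if tcp is None and udp is None:
        # Plain port such as 53: both transports carry unencrypted DNS.
        return {"udp": "dns", "tcp": "dns"}
    if not encrypted_only:
        return {"udp": udp or "dns", "tcp": tcp or "dns"}
    return {k: v for k, v in (("udp", udp), ("tcp", tcp)) if v is not None}


def audit(port: int, enc: EncryptedPorts) -> list:
    """List plaintext sockets that sat next to an encrypted one under the
    old behaviour, for a defender reviewing an interface line."""
    old = sockets_to_open(port, enc, encrypted_only=False)
    new = sockets_to_open(port, enc, encrypted_only=True)
    return [f"{port}/{t}" for t, s in old.items() if s == "dns" and t not in new]


if __name__ == "__main__":
    print(audit(443, EncryptedPorts()))  # the question's case -> ['443/udp']
```

Port 853 with the assumed defaults shows the one case where both transports stay open under the stricter policy, because DoT and DoQ each have an encrypted variant there.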