On 09.04.25 at 21:25, A. Schulze via Unbound-users wrote:
Unbound 1.23.0rc1 pre-release is available:

maybe not new... I've configured:

    <usual setup>
    interface: ::@443
    https-port: 443
    http-endpoint: "/doh-test"
    tls-service-pem: "/path/to/cert+intermediate.pem"
    tls-service-key: "/path/to/key.pem"

Then I do a query:

    # kdig @unbound.example. hostname.bind. txt ch +https=/doh-test +short
    "unbound.example"

But the log says "dot"!

    Apr 09 22:48:01 unbound[1:0] reply: 2001:db8::2 hostname.bind. TXT CH NOERROR 0.000000 1 75 on dot :: 443

I would expect "doh/http/https" but not "dot".

Oh, btw: compiled with openssl-3.5.0, both (dot and doh) support the new pq key exchange out of the box.

    # /usr/local/bin/openssl version
    OpenSSL 3.5.0 8 Apr 2025 (Library: OpenSSL 3.5.0 8 Apr 2025)

    # /usr/local/bin/openssl3 s_client -connect unbound.example:443 < /dev/null 2>&1 | grep group
    Negotiated TLS1.3 group: X25519MLKEM768

    # openssl3 s_client -connect unbound.dev.somaf.de:853 < /dev/null 2>&1 | grep group
    Negotiated TLS1.3 group: X25519MLKEM768

nice :-)

Andreas
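
An added example, not part of the original message and not Unbound's own code: a small log check that flags reply lines whose transport label disagrees with the service configured on that port, which matters if DoT and DoH traffic is counted from these logs. The field layout is taken from the single log line quoted above; the accepted DoH labels, the default of 853 for the DoT port, and all sample lines other than the first are assumptions.

```python
import re

# Layout of the reply line quoted in the message; the three fields after the
# rcode are skipped without interpreting them.
REPLY_RE = re.compile(
    r"reply: (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+) "
    r"(?P<rcode>\S+) \S+ \S+ \S+ on (?P<transport>\S+) (?P<addr>\S+) (?P<port>\d+)$"
)

def expected_labels(https_port=443, tls_port=853):
    """Map listening port -> labels accepted for it. The DoH labels are an
    assumption based on what the poster expected ("doh/http/https")."""
    return {tls_port: {"dot"}, https_port: {"doh", "http", "https"}}

def find_mislabelled(lines, https_port=443, tls_port=853):
    """Return (client, qname, label, port) for replies whose logged transport
    does not match the service configured on the destination port."""
    expected = expected_labels(https_port, tls_port)
    findings = []
    for line in lines:
        m = REPLY_RE.search(line.strip())
        if m is None:
            continue  # not a reply line in this layout
        port = int(m["port"])
        accepted = expected.get(port)
        if accepted is not None and m["transport"] not in accepted:
            findings.append((m["client"], m["qname"], m["transport"], port))
    return findings

# First line is the one from the message; the other two are constructed.
SAMPLE = [
    "Apr 09 22:48:01 unbound[1:0] reply: 2001:db8::2 hostname.bind. TXT CH NOERROR 0.000000 1 75 on dot :: 443",
    "Apr 09 22:48:05 unbound[1:0] reply: 2001:db8::3 example.org. A IN NOERROR 0.010000 0 56 on dot :: 853",
    "Apr 09 22:48:09 unbound[1:0] reply: 2001:db8::4 example.org. A IN NOERROR 0.000000 1 56 on udp :: 53",
]

if __name__ == "__main__":
    for client, qname, label, port in find_mislabelled(SAMPLE):
        print(f"{client} {qname}: logged as {label!r} on port {port}")
```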