I'm trying to get my unbound server to handle DoT queries.  I put this
in unbound.conf, restarted it, and it seems happy except that it doesn't
do DoT:

        # ssl stuff
        tls-service-key: /usr/local/etc/unbound/bethkey.pem
        tls-service-pem: /usr/local/etc/unbound/bethcert.pem
        tls-port: 853
        # for later
        tls-cert-bundle: /usr/local/etc/ssl/cert.pem

When I restart it, it says:

Starting unbound.
[1560705303] unbound[7166:0] debug: creating udp4 socket 192.168.80.2 53
[1560705303] unbound[7166:0] debug: creating tcp4 socket 192.168.80.2 53
[1560705303] unbound[7166:0] debug: creating udp4 socket 127.0.0.1 53
[1560705303] unbound[7166:0] debug: creating tcp4 socket 127.0.0.1 53
[1560705303] unbound[7166:0] debug: creating udp6 socket fe80::2 53
[1560705303] unbound[7166:0] debug: creating tcp6 socket fe80::2 53
[1560705303] unbound[7166:0] debug: switching log to syslog

Plenty of port 53 service, no port 853.

It's behind a NAT, but so are the clients.  It's FreeBSD 12.0 running
the package, which is unbound 1.9.1.  I looked at the port and I don't
see any options that would affect DoT.

The cert is self-signed, which I wouldn't think would be a problem.
