Hi,
More questions on DoT. Having set up DoT and got it all working, I was under the impression that all DNS queries would now use TLS over TCP. With that in mind I set:

    do-udp: no

Having changed that setting, unbound will not answer any queries at all.

Either local-data:

    C:\>dig -x 192.168.1.20

    ; <<>> DiG 9.14.4 <<>> -x 192.168.1.3
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

Or external:

    C:\>dig www.microsoft.com

    ; <<>> DiG 9.14.4 <<>> www.microsoft.com
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

With UDP enabled there are no problems.

So the question is: Why does UDP have to be enabled? How can I be certain that ALL forwarded queries are over TCP if UDP is enabled?

Regards
Ray
