-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
> > No. There is no "DNS over TLS" standard, so you will not > be able to do that, unless you hide the TLS tunneling > > I still think you are looking for a problem to a built solution. > I never asked for a "DNS over TLS" standard ! Paul, what are you talking about "problem to a built solution" ! ! - From the first email, i'm keep on asking for a solution to connect securely (encrypted) with a DNS-server, (so that someone in the middle does not know what exact domain my DNS-client/resolver is querying, primarily for privacy reasons & concerns). Haven't you noticed the HTTPS-DNS feature(s) used by many public DNS-Servers ? http://www.privacyfoundation.de/projekte/https_dns/ I thought "Unbound" alone, or with a assistant from simple tool, it will be able to use those HTTPS-DNS features (on windows platforms), to connect with those DNS-Servers. Anyway, MORE QUESTIONS REMAINED UN-ANSWERED, as well as no-one cared to responed/answered even simple 'unbound' related questions which i'm placing in each email, since the first email ! - -- Bright Star (Bry8Star). Paul Wouters wrote:\nReceived on 2012-11-03 12:38 PM [GMT-08:00]:: > On Fri, 2 Nov 2012, Bry8 Star wrote: > >> So my understanding is, one "Unbound" can use only >> one set of upstream / outbound TLS/SSL cert/keys to >> connect with another unbound instance. >> >> but more than one set of cert/keys cannot be specified >> in one "Unbound". >> >> whereas, i wanted to use different type of cert for >> different type of DNS-Servers/name-servers (which are >> using different DNS server software, which supports >> TLS/SSL encrypted & secured connections). >> >> Since i'm tryin to connect securely with different >> dns-servers/name-servers, which are using different >> DNS Server/Resolver software and different cert/keys, >> one unbound will (most likely) not be able to connect >> with all at the same time. >> >> So alternatively, can these be done ? > > No. There is no "DNS over TLS" standard, so you will not > be able to do that, unless you hide the TLS tunneling > > I still think you are looking for a problem to a built solution. > > Paul -----BEGIN PGP SIGNATURE----- iF4EAREKAAYFAlCYd3UACgkQiDbboldsEOxVgwD/TZppAf9wq6Aot/EI6BhZqFkI ysRnB/pWWL0zsS3WaEgA/3a7c62tgjN1p3mvmZ+0TEGKszUo4GF3jQBOMrD1kOh/ =vvt/ -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
