Hi RunxiaWan,

The 'Resolver' that you configured does not send traffic to the Forwarder, and this machine does not provide service on port 853 with SSL to clients. I am not sure if it should send traffic elsewhere in your design, but it is acting as a full resolver to the authority servers.

The 'Forwarder' that you configured is sending traffic to another address, and it sends it over port 853 with SSL upstream. It also does not provide service on port 853 with SSL to clients.

Since neither of them is providing service on port 853 (with an interface: line that has @853 on it) and ssl-port set to 853, perhaps your design does not have a server that provides SSL service to clients. Such a server should also configure ssl-service-key and ssl-service-pem files with the certificate for the SSL service.

Best regards, Wouter

On 25/01/16 10:28, RunxiaWan via Unbound-users wrote:
> Hi all,
>
> I am trying to use Unbound’s SSL upstream. Cause I am new to
> Unbound here, I doubt I might configure them wrong. Both sides use
> unbound 1.5.7
>
> The configuration of Resolver:
>
> server:
>     directory: "/etc/unbound"
>     username: root
>     # make sure unbound can access entropy from inside the chroot.
>     # e.g. on linux the use these commands (on BSD, devfs(8) is used):
>     # mount --bind -n /dev/random /etc/unbound/dev/random
>     # and mount --bind -n /dev/log /etc/unbound/dev/log
>     chroot: "/etc/unbound"
>     # logfile: "/etc/unbound/unbound.log" #uncomment to use logfile.
>     pidfile: "/etc/unbound/unbound.pid"
>     # verbosity: 1 # uncomment and increase to get more logging.
>     # listen on all interfaces, answer queries from the local subnet.
>     interface: 0.0.0.0
>     interface: ::0
>     access-control: 10.0.0.0/8 allow
>
> The configuration of Forwarder:
>
> # unbound.conf(5) config file for unbound(8).
> server:
>     directory: "/etc/unbound"
>     username: root
>     # make sure unbound can access entropy from inside the chroot.
>     # e.g. on linux the use these commands (on BSD, devfs(8) is used):
>     # mount --bind -n /dev/random /etc/unbound/dev/random
>     # and mount --bind -n /dev/log /etc/unbound/dev/log
>     chroot: "/etc/unbound"
>     # logfile: "/etc/unbound/unbound.log" #uncomment to use logfile.
>     pidfile: "/etc/unbound/unbound.pid"
>     # verbosity: 1 # uncomment and increase to get more logging.
>     # listen on all interfaces, answer queries from the local subnet.
>     interface: 0.0.0.0
>     interface: ::0
>     access-control: 10.0.0.0/8 allow
>     tcp-upstream: yes
>     ssl-upstream: yes
>     ssl-port: 853
> forward-zone:
>     name: "."
>     forward-addr: 10.4.1.2@853
> server:
>     ssl-upstream: yes
>     tcp-upstream: yes
>     do-daemonize: no
>     logfile: ""
>     verbosity: 10
>
> Any help is welcome. Thanks.
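
The options named in the reply, laid out for both ends of the link as an added example that is not part of the original thread or the Unbound project's own configuration. It assumes the machine at 10.4.1.2 (the forward-addr in the quoted Forwarder config) is the one meant to serve SSL, and the key and certificate paths are placeholders.

```conf
# Added example. Two separate unbound.conf files are shown one after the other.
# Addresses come from the quoted configs; file paths are placeholders.

# ---- unbound.conf on the SSL-serving resolver (assumed to be 10.4.1.2) ----
server:
    # plain DNS on the default port for ordinary clients
    interface: 0.0.0.0
    # extra listener: SSL is offered only on interface lines whose @port
    # matches ssl-port
    interface: 0.0.0.0@853
    ssl-port: 853
    # private key and certificate presented to connecting clients
    # (placeholder paths)
    ssl-service-key: "/etc/unbound/ssl-service.key"
    ssl-service-pem: "/etc/unbound/ssl-service.pem"
    access-control: 10.0.0.0/8 allow
    # ssl-upstream stays off here: this machine acts as a full resolver
    # towards the authority servers

# ---- unbound.conf on the Forwarder (client side of the SSL link) ----
server:
    interface: 0.0.0.0
    access-control: 10.0.0.0/8 allow
    # send upstream queries over TCP with SSL
    tcp-upstream: yes
    ssl-upstream: yes
forward-zone:
    name: "."
    # must point at the listener configured with @853 above
    forward-addr: 10.4.1.2@853
```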
