I've spent several hours trying various permutations of the following config, but no matter what I do I can't get unbound to forward a DNS request over TLS:

server:
    tls-cert-bundle: "C:\Program Files\Unbound\cabundle.crt"
forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com

I'm on Windows 10, unbound v1.7.1. I've been using nslookup to test:

C:\Users\Me>nslookup - 127.0.0.1
Default Server:  localhost
Address:  127.0.0.1

> google.com
Server:  localhost
Address:  127.0.0.1

*** localhost can't find google.com: Server failed
>

Following this request in Wireshark, unbound is accurately requesting DNS to the Cloudflare server on TCP port 853, but is attempting to do this without negotiating a TLS connection, which Cloudflare appropriately rejects.

Anyone have any ideas?

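Added example, not part of the original post and not Unbound code: a way to confirm the symptom described above from a capture, by classifying the first client-to-server TCP payload on port 853 as a TLS ClientHello or as a plaintext DNS-over-TCP query. The function names and the sample bytes are constructed for illustration, and the check assumes the first payload has been reassembled into one buffer.

```python
import struct

def build_dns_query(name, qtype=1, txid=0x1234):
    """Build a plaintext DNS-over-TCP query: 2-byte length prefix + message."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def classify_first_payload(data):
    """Return "tls-clienthello", "plaintext-dns" or "unknown" for the first
    client-to-server payload of a TCP connection to port 853."""
    # TLS record header: content type 0x16 (handshake), version major 0x03,
    # 2-byte record length, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-clienthello"
    # DNS over TCP (RFC 1035, 4.2.2): 2-byte length, then the 12-byte header.
    if len(data) >= 14:
        (length,) = struct.unpack("!H", data[:2])
        _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[2:14])
        is_query = (flags & 0x8000) == 0            # QR bit clear
        standard_opcode = ((flags >> 11) & 0xF) == 0
        if (length == len(data) - 2 and is_query and standard_opcode
                and qdcount == 1 and ancount == 0):
            return "plaintext-dns"
    return "unknown"

# Constructed sample: a minimal TLS handshake record header carrying handshake
# type 1 (ClientHello); not a complete or valid handshake message.
SAMPLE_TLS = bytes.fromhex("16030100050100000100")
# Constructed sample: what a resolver sends when it skips TLS on port 853.
SAMPLE_PLAIN = build_dns_query("google.com")

if __name__ == "__main__":
    for label, payload in (("tls", SAMPLE_TLS), ("plain", SAMPLE_PLAIN)):
        print(label, classify_first_payload(payload))
```

A "plaintext-dns" result for traffic to port 853 means the forwarder is not performing the TLS handshake at all, which points to the forwarder's configuration or version rather than to the upstream server or the certificate bundle.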