Hi Raymond,

On 03/05/18 22:43, Raymond Bannan via Unbound-users wrote:
> I've spent several hours trying various permutations of the following
> config, but no matter what I do I can't get unbound to forward a DNS
> request over TLS:

This config looks correct. It should be connecting with TLS. Unless you have other options in unbound.conf that negate the lines you pasted here. Perhaps enable verbosity: 4 and logfile: "C:\unbound.log" and log-time-ascii: yes and then you have a logfile in plain text with details about what unbound is doing.

Best regards, Wouter

>
> server:
>     tls-cert-bundle: "C:\Program Files\Unbound\cabundle.crt"
> forward-zone:
>     name: "."
>     forward-ssl-upstream: yes
>     forward-addr: 1.1.1.1@853#cloudflare-dns.com
>
> I'm on windows 10, unbound v1.7.1. I've been using nslookup to test:
>
> C:\Users\Me>nslookup - 127.0.0.1
> Default Server: localhost
> Address: 127.0.0.1
>
>> google.com
> Server: localhost
> Address: 127.0.0.1
>
> *** localhost can't find google.com: Server failed
>>
>
> Following this request in wireshark, unbound is accurately requesting
> DNS to the cloudflare server on tcp port 853, but is attempting to do
> this without negotiating a TLS connection, which cloudflare
> appropriately rejects.
>
> Anyone have any ideas?
>
