Unbound/BIND config for DNS over TLS to
BIND (named.conf), forwarding every query to the local Unbound instance on port 2053:

```
options {
    directory "/tmp";
    listen-on-v6 { none; };
    forwarders { port 2053; };   # forwarder address omitted on the page
    auth-nxdomain no;            # conform to RFC1035
    notify yes;                  # notify slave server(s)
};
```

Unbound (unbound.conf), listening on port 2053 and forwarding the root zone over TLS:

```
forward-zone:
    name: "."
    forward-addr:   # Cloudflare primary
    forward-addr:   # Cloudflare secondary
    forward-addr:   # primary
    forward-addr:   # secondary
    # Encrypts the upstream connection only; no tls-cert-bundle and no
    # "#name" on the forward-addr lines, so the upstream is not authenticated.
    forward-ssl-upstream: yes

server:
    do-tcp: yes
    prefetch: yes
    qname-minimisation: yes
    rrset-roundrobin: yes
    use-caps-for-id: yes
    do-ip6: no
    do-not-query-localhost: no   # leftover from using Unbound in front of BIND
    port: 2053
```


da2x commented Jun 3, 2018

You're not verifying the certificates of the forwarders with this setup.
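A forward-zone that does authenticate the upstream, added here as an example and not part of the gist. It assumes an Unbound release with `tls-cert-bundle` and the `ADDRESS@PORT#NAME` syntax (1.7.x or later), Cloudflare's public DoT resolvers 1.1.1.1 and 1.0.0.1 under the name cloudflare-dns.com, and the Debian/Ubuntu CA bundle path; the gist's second resolver pair is not named on the page, so it stays a placeholder.

```unbound
server:
    port: 2053
    do-tcp: yes
    # System CA bundle used to validate the upstream certificate chain.
    # Path assumed (Debian/Ubuntu); adjust for your distribution.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

forward-zone:
    name: "."
    # ADDRESS@PORT#NAME: the name after '#' is checked against the
    # certificate presented by the resolver, so a forwarder with a
    # certificate for some other name is refused instead of used.
    # Cloudflare's public resolvers assumed here.
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    # Second resolver pair from the page, not identified there (placeholder):
    # forward-addr: <RESOLVER-IP>@853#<RESOLVER-HOSTNAME>
    forward-tls-upstream: yes    # current name of forward-ssl-upstream
```

Run `unbound-checkconf` after editing; if the bundle path is wrong or unreadable, Unbound reports it at startup rather than silently falling back to unauthenticated TLS.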
