I tried the exact same setup before (with version 1.6.7 and 1.6.8) and
can confirm this.
In this situation first configured port is open but TLS handshake is not
possible.
Being able to listen on several ports for TLS could be very handy to
provide a DNS-over-TLS resolver:
- on standard 853/tcp port
- on 443/tcp port to offer an alternative in "hostile" networks where
853/tcp could be filtered.
I think this is also what Andreas is trying to achieve.
Sounds useful, so I've added the option to list a number of additional
tls ports to provide tls service on. With additional-tls-port: 443
(perhaps more with more port numbers to provide tls service on) in
unbound.conf.
Furthermore, you also need to configure an interface with the correct port
number, e.g. interface: 127.0.0.1@443
The code is in the code repository (i.e. it is not in the just-released
1.7.0).
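A complete unbound.conf server section for the two-port DNS-over-TLS setup discussed above, as an added example that is not part of the original messages or of the Unbound documentation. The listening address 192.0.2.1, the client range 198.51.100.0/24 and the key/certificate paths are assumptions for the example; additional-tls-port is the option introduced in this thread and is only present in builds from the code repository after 1.7.0.

```conf
server:
    # One "interface" line per port on the same address. Unbound only opens
    # the sockets listed here, so without the @443 line the extra TLS port
    # is never bound, whatever additional-tls-port says.
    interface: 192.0.2.1@853
    interface: 192.0.2.1@443

    # Standard DNS-over-TLS port (default is already 853).
    tls-port: 853

    # Serve TLS on 443 as well (option from the code repository, not 1.7.0).
    # An "interface" line alone only opens the port for plain DNS; TLS is
    # spoken only on tls-port and on the ports listed here, which is why a
    # handshake on an "extra" port fails without this line.
    additional-tls-port: 443

    # Server certificate and private key (paths are assumptions).
    tls-service-key: "/etc/unbound/dot.key"
    tls-service-pem: "/etc/unbound/dot.pem"

    # Do not run an open resolver: allow only the intended clients
    # (198.51.100.0/24 is an assumed client range).
    access-control: 198.51.100.0/24 allow
    access-control: 0.0.0.0/0 refuse
```

Run unbound-checkconf before reloading, then verify each port separately, since the interface lines and the TLS port list are independent settings: `openssl s_client -connect 192.0.2.1:443` must complete a handshake on both 853 and 443, and a query such as `kdig @192.0.2.1 -p 443 +tls example.com` must be answered. If the host also serves HTTPS on the same address, bind Unbound to a dedicated address, because both daemons cannot own 443/tcp on the same IP.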