DNS Over TLS

#1 Post by rootetsy » Sun Nov 11, 2018 4:19 pm

I've been using Cloudflare's 1.1.1.1 DNS service for a while now and I just discovered that it supports DNS Over TLS which sounds sweet!

Most of the articles talking about how to do this use the Stubby program. It's in the Debian Testing repo but looks like it requires an update to libc6. Yikes. But I found the following article which describes how to use Unbound for the same thing.
https://www.dnsknowledge.com/unbound/co ... -on-linux/

It works great except for one thing. If I add the "tls-cert-bundle" option then I get an error about that being an unknown keyword. Looking into that closer, it appears that option needs to be there for it to verify the SSL certificates, and without that it's still vulnerable to man-in-the-middle type attacks. :(

The version of Unbound in Debian Testing is updated but also requires an update to libc6. So that's not happening. Lol.

Has anyone else looked into this or have any ideas how to get SSL verification working?
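
Added example, not part of the original post: a small Python check over an Unbound configuration that flags DNS-over-TLS forwarders whose certificates would go unverified, meaning no `tls-cert-bundle` is set or a `forward-addr` carries no `#name`. Both sample configs are constructed; the bundle path and the `cloudflare-dns.com` authentication name are assumptions, and the hardened form needs an Unbound build that recognises `tls-cert-bundle`.

```python
import re

# Constructed sample: TLS to the forwarder is on, but nothing is verified.
WEAK = """
server:
    interface: 127.0.0.1
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
"""
# Constructed sample: CA bundle set and each forwarder pinned to a name (assumed values).
HARDENED = """
server:
    interface: 127.0.0.1
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
"""

def audit_unbound(conf):
    """Return findings for TLS forward-zones whose upstream certificate is not checked."""
    has_bundle, zones = False, []
    for raw in conf.splitlines():
        # Simplification: '#' starts a comment only at line start or after whitespace,
        # so the '#name' suffix on forward-addr survives. Includes are not followed.
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if key == "forward-zone":
            zones.append({"tls": False, "addrs": []})
        elif key == "tls-cert-bundle" and value:
            has_bundle = True
        elif key in ("forward-tls-upstream", "forward-ssl-upstream") and zones:
            zones[-1]["tls"] = value == "yes"
        elif key == "forward-addr" and zones:
            zones[-1]["addrs"].append(value)
    findings = []
    for zone in (z for z in zones if z["tls"]):
        if not has_bundle:
            findings.append("no tls-cert-bundle: upstream certificates are not verified")
        for addr in zone["addrs"]:
            if "#" not in addr:
                findings.append(f"{addr}: no #name, any certificate name is accepted")
    return findings
```

An empty list from `audit_unbound` means every TLS forwarder in the file has both a CA bundle and a name to match against; on the weak sample it reports the missing bundle and both unpinned addresses.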

Re: DNS Over TLS

#2 Post by r3trospect » Thu Dec 13, 2018 5:24 pm

Not sure about your case. I'm using an unmanaged server for learning purposes at D.O and using Let's Encrypt for a free SSL/TLS cert, and it's pretty straightforward.
