Important information
-- Required MX 15/16 Repository Changes
-- Information on torrent hosting changes
-- Information on MX15/16 GPG Keys
-- Spectre and Meltdown vulnerabilities

-- Introducing our new Website
-- MX Linux on social media: here

Current releases
-- MX-18.2 Point Release release info here
-- Migration Information to MX-18 here
-- antiX-17.4.1 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules


Post Reply
User avatar
Forum Novice
Forum  Novice
Posts: 41
Joined: Sat May 12, 2018 8:45 pm



Post by rootetsy » Sun Nov 11, 2018 4:19 pm

I've been using Cloudflare's DNS service for a while now and I just discovered that it supports DNS Over TLS which sounds sweet!

Most of the articles talking about how to do this use the Stubby program. It's in the Debian Testing repo but looks like it requires an update to libc6. Yikes. But I found the following article which describes how to use Unbound for the same thing.
https://www.dnsknowledge.com/unbound/co ... -on-linux/

It works great except for one thing. If I add the "tls-cert-bundle" option then I get an error about that being an unknown keyword. Looking into that closer it appears that option needs to be there for it to verify the SSL certificates and without that it's still vulnerable to man in the middle type attacks. :(

The version of Unbound in Debian Testing is updated but also requires an update to libc6. So that's not happening. Lol.

Has anyone else looked into this or have any ideas how to get SSL verification working?

Forum Novice
Forum  Novice
Posts: 7
Joined: Thu Dec 13, 2018 5:13 pm

Re: DNS Over TLS


Post by r3trospect » Thu Dec 13, 2018 5:24 pm

Not sure about your case I'm using unmanaged server for learning purpose at D.O and using Let's Encrypt for free SSL/TLS cert, and it's pretty straight forward.

Post Reply

Return to “Chat”