I've been using Cloudflare's 184.108.40.206 DNS service for a while now and I just discovered that it supports DNS Over TLS which sounds sweet!
Most of the articles talking about how to do this use the Stubby program. It's in the Debian Testing repo but looks like it requires an update to libc6. Yikes. But I found the following article which describes how to use Unbound for the same thing.
https://www.dnsknowledge.com/unbound/co ... -on-linux/
It works great except for one thing. If I add the "tls-cert-bundle" option then I get an error about that being an unknown keyword. Looking into that closer it appears that option needs to be there for it to verify the SSL certificates and without that it's still vulnerable to man in the middle type attacks. :(
The version of Unbound in Debian Testing is updated but also requires an update to libc6. So that's not happening. Lol.
Has anyone else looked into this or have any ideas how to get SSL verification working?
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources
-- MX Linux on social media: here
-- Mepis support still here
-- MX-17.1 Final release info here
-- antiX-17 release info here
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules
2 posts • Page 1 of 1