BIND to a DoT forwarder
Eli Sowash
eli at sowash.net
Wed Jun 14 12:15:56 UTC 2023
Greetings all... I'm puzzling my way through a DNS over TLS connection. I
am configuring a forwarder to OpenDNS via DoT.
I am running BIND 9.18.15-1+ubuntu22.04.1+isc+1-Ubuntu, and trying to
follow the documentation for a TLS block. In named.conf, I have:

    tls OpenDNS-DoT {
        ca-file "/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.pem";
        remote-hostname "dns.opendns.com";
    };
    options {
        forwarders port 853 tls OpenDNS-DoT {
            // OpenDNS public
            208.67.222.222;
            208.67.220.220;
        };
    };

but the service fails with a fatal error, '{' expected near 'tls' in the
options block. I'm interpreting that named is not expecting to find 'tls'
in a forwarder statement. Am I using the tls block correctly with a
forwarder?