23.7 Legacy Series / [CALL FOR TESTING] Unbound DNS over TLS without explicit CA bundle
« on: November 28, 2023, 08:13:36 am »
Hi everyone,
Since we started using certctl for CA trust (also because FreeBSD ports curl moved to it) there is a small patch to Unbound DoT that needs widespread testing:
https://github.com/opnsense/core/commit/455e9d6e86d
# opnsense-patch 455e9d6e86d && pluginctl -s unbound restart
Functionally the two variants should be the same, but the reality is that the Unbound manual is very "mystic" about this particular option and all the tutorials on the Internet seem to prefer using the bundle file. All help testing this is welcome here.
Thanks,
Franco