It doesn't seem to be possible to set the common name string to a wildcard. Will it still verify if I enter a host and the certificate has a wildcard CN that matches it? DNS over TLS doesn't seem to be working for Quad9 for me; it seems to be falling back to recursion no matter what. Quad9's servers appear to return the CN of "*.quad9.net".
Quad9 DNS over TLS works great for me. In the verify CN field, put in dns.quad9.net.
https://www.quad9.net/support/faq/
Does Quad9 support DNS over TLS?
We do support DNS over TLS on port 853 (the standard) using an auth name of dns.quad9.net
Sorry. Apparently, all my DNS troubles were because systemd-resolved on Arch enables both LLMNR and mDNS by default, which were slowing down DNS for practically every query.
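An added illustration of the wildcard question in this thread, not code from any poster or from a resolver: a sketch of RFC 6125-style name matching, the rule TLS libraries generally follow, applied to the names mentioned above. The function names and the sample certificate name list are assumptions constructed for the example.

```python
# Sketch of RFC 6125-style matching between a name presented in a server
# certificate and the auth name configured on the client (hypothetical helpers).

def _labels(name: str) -> list:
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")


def name_matches(presented: str, auth_name: str) -> bool:
    """Return True if one certificate name covers the configured auth name."""
    if "*" in auth_name:
        # The configured name is a reference identity, never a pattern.
        return False
    pat, host = _labels(presented), _labels(auth_name)
    if "" in host or len(pat) != len(host):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pat[0] == "*":
        # Refuse overly broad patterns such as "*.net".
        if len(pat) < 3:
            return False
        return pat[1:] == host[1:]
    if any("*" in label for label in pat):
        # Partial wildcards ("d*.example") and non-leftmost wildcards are rejected.
        return False
    return pat == host


def cert_accepts(cert_names, auth_name: str) -> bool:
    """True if any name in the certificate matches the configured auth name."""
    return any(name_matches(n, auth_name) for n in cert_names)


# Constructed sample: the single wildcard name reported in the thread.
SAMPLE_CERT_NAMES = ["*.quad9.net"]

if __name__ == "__main__":
    for candidate in ("dns.quad9.net", "quad9.net", "a.dns.quad9.net", "*.quad9.net"):
        print(f"{candidate:18} -> {cert_accepts(SAMPLE_CERT_NAMES, candidate)}")
```

Under these rules a concrete host entered as the auth name verifies against a wildcard certificate name, while entering the wildcard itself does not.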