OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: opnfwb on May 08, 2020, 06:11:18 am

Title: Unbound Plus Plugin and DoT hostname validation?
Post by: opnfwb on May 08, 2020, 06:11:18 am
I had a question for @mimugmail or anyone else that may know how the Unbound Plus plugin is doing hostname validation for DoT implementations?

Currently, I'm using regular Unbound with the following entries in the Advanced section:
Code:
# TLS Config
tls-cert-bundle: "/etc/ssl/cert.pem"
# Forwarding Config
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#1dot1dot1dot1.cloudflare-dns.com
  forward-addr: 1.0.0.1@853#1dot1dot1dot1.cloudflare-dns.com

I would like to convert to using Unbound Plus plugin and input my DoT servers there. However, it does not appear to use the hostname for validation? Only the IP and Port?

Title: Re: Unbound Plus Plugin and DoT hostname validation?
Post by: mimugmail on May 08, 2020, 09:53:32 am
Yes, it's in the making, needs some time.

Title: Re: Unbound Plus Plugin and DoT hostname validation?
Post by: opnfwb on May 08, 2020, 03:54:59 pm
Thanks for the reply. If it is helpful, I am happy to test future versions. I have a few OPNsense VMs in a lab that I can demo stuff on before I push it to production.
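
The check discussed in this thread, as an added example that is not part of any post or of the plugin's code: it scans Unbound configuration text and reports DoT forwarders that lack either the #hostname suffix on forward-addr or a CA source, the two things Unbound needs to authenticate the upstream's certificate. The function name, the finding labels and the simplified parser are assumptions made here, and the sample config is constructed.

```python
import re

# Constructed sample: the first forward-addr is the one from the post; the second
# drops the "#hostname" suffix, as an IP-and-port-only entry would.
SAMPLE = """
tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#1dot1dot1dot1.cloudflare-dns.com
  forward-addr: 1.0.0.1@853
"""

def audit_dot(conf_text):
    """Return (zone, forward-addr, reason) for DoT forwarders Unbound cannot authenticate."""
    has_ca, global_tls, zones, zone = False, False, [], None
    for raw in conf_text.splitlines():
        # Simplified comment rule (assumption): '#' starts a comment only at the
        # start of a token, so the '#' inside 'ip@port#name' is kept.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not key:
            continue
        if not value:  # "forward-zone:", "server:" and so on open a new clause
            zone = {"name": "?", "tls": False, "addrs": []} if key == "forward-zone" else None
            if zone is not None:
                zones.append(zone)
            continue
        value = value.strip('"')
        if key == "tls-cert-bundle":
            has_ca = has_ca or bool(value)
        elif key in ("tls-system-cert", "tls-win-cert"):
            has_ca = has_ca or value == "yes"
        elif key == "tls-upstream":
            global_tls = value == "yes"
        elif zone is not None and key == "name":
            zone["name"] = value
        elif zone is not None and key == "forward-tls-upstream":
            zone["tls"] = value == "yes"
        elif zone is not None and key == "forward-addr":
            zone["addrs"].append(value)
    findings = []
    for z in zones:
        if not (z["tls"] or global_tls):
            continue  # plain DNS forwarder: no certificate to authenticate
        if not has_ca:
            findings.append((z["name"], "*", "no-ca-bundle"))
        findings += [(z["name"], a, "no-auth-name")
                     for a in z["addrs"] if not a.partition("#")[2]]
    return findings
```

Run against the sample, it flags only 1.0.0.1@853; the configuration from the first post produces no findings.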