Unbound - Verify common name of wildcard certificate?

[kode54]

It doesn't seem to be possible to set the common name string to a wildcard. Will it still verify if I enter a host, and the certificate has a wildcard CN that matches it? DNS over TLS doesn't seem to be working for Quad9 for me, it seems to be falling back to Recursion no matter what. Quad9's servers appear to return the CN of "*.quad9.net".

[danderson]

Quad 9 dns over tls works great for me. In the verify CN field put in dns.quad9.net

https://www.quad9.net/support/faq/

Does Quad9 support DNS over TLS?

We do support DNS over TLS on port 853 (the standard) using an auth name of dns.quad9.net

[kode54]

Sorry. Apparently, all my DNS troubles were because systemd-resolved on Arch default enables both LLMNR and mDNS, which were slowing down DNS for practically every query.