Unbound Plus Plugin and DoT hostname validation?

opnfwb · May 08, 2020, 06:11:18 AM

I had a question for @mimugmail or anyone else that may know how the Unbound Plus plugin is doing hostname validation for DoT implementations?

Currently, I'm using regular Unbound with the following entries in the Advanced section:

Code Select

# TLS Config
tls-cert-bundle: "/etc/ssl/cert.pem"
# Forwarding Config
forward-zone:
	name: "."
	forward-tls-upstream: yes
	forward-addr: 1.1.1.1@853#1dot1dot1dot1.cloudflare-dns.com
	forward-addr: 1.0.0.1@853#1dot1dot1dot1.cloudflare-dns.com

I would like to convert to using Unbound Plus plugin and input my DoT servers there. However, it does not appear to use the hostname for validation? Only the IP and Port?

mimugmail · May 08, 2020, 09:53:32 AM

Yes, it's in the making, needs some time

opnfwb · May 08, 2020, 03:54:59 PM

Thanks for the reply. If it is helpful, I am happy to test future versions. I have a few OPNsense VMs in a lab that I can demo stuff on before I push it to production.

Unbound Plus Plugin and DoT hostname validation?

opnfwb

May 08, 2020, 06:11:18 AM

mimugmail

May 08, 2020, 09:53:32 AM #1

opnfwb

May 08, 2020, 03:54:59 PM #2