specify multiple TLS-Ports?

Guillaume-Jean Herbiet gjherbiet at restena.lu
Thu Mar 15 12:54:16 UTC 2018


Hello,

I tried the exact same setup before (with version 1.6.7 and 1.6.8) and
can confirm this.

In this situation first configured port is open but TLS handshake is not
possible.

Being able to listen on several ports for TLS could be very handy to
provide a DNS-over-TLS resolver:
- on standard 853/tcp port
- on 443/tcp port to offer an alternative in "hostile" networks where
853/tcp could be filtered.

I think this is also what Andreas is trying to achieve.

Regards,

On 2018-03-13 14:24, A. Schulze via Unbound-users wrote:
> Hello,
> 
> is it possible to configure unbound to listen on more than one port for TLS?
> 
> I tried:
> 
> server:
>   access-control: 0.0.0.0/0 allow
>   interface: 0.0.0.0
> 
>   tls-service-pem: "/path/to/fullchain"
>   tls-service-key: "/path/to/privkey"
> 
>   interface: 0.0.0.0@853
>   tls-port: 853
> 
>   interface: 0.0.0.0@443
>   tls-port: 443
> 
> 
> but then there is no TLS handshake possible on port 853, only on port 443
> Removing 443 enables 853 again.
> 
> Andreas
> 

-- 
Guillaume-Jean Herbiet, PhD
System engineer

Fondation RESTENA / dns.lu
2, avenue de l'Université
L-4365 Esch-sur-Alzette
tél.: (+352) 42 44 09
fax.: (+352) 42 24 73
https://www.restena.lu  https://www.dns.lu

Public key ID: 0x3A4C47C7
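A way to check the behaviour Andreas describes from the client side, as an added example that is not part of this thread or of Unbound: the script below opens a TLS session to each configured port, sends one DNS query with DNS-over-TLS framing (RFC 7858) and reports whether the handshake and the query succeed. The hostnames and ports in `__main__` are constructed placeholders.

```python
"""Probe DNS-over-TLS ports: does the TLS handshake and one DNS query succeed
on each? Added example; names/ports in __main__ are constructed placeholders."""
import socket
import ssl
import struct

TXID = 0x1234  # fixed transaction id, so replies can be matched in parse_response

def build_query(qname: str, qtype: int = 1) -> bytes:
    """Minimal RFC 1035 query: header (RD set, one question) + QNAME/QTYPE/QCLASS IN."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(lab)]) + lab.encode("ascii")
                      for lab in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_response(data: bytes) -> dict:
    """Read the 12-byte response header; return QR bit, RCODE and answer count."""
    if len(data) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != TXID:
        raise ValueError("transaction id mismatch")
    return {"qr": bool(flags & 0x8000), "rcode": flags & 0x000F, "answers": an}

def _recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes (TLS over TCP is a stream, not whole messages)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed mid-message")
        buf += chunk
    return buf

def probe_dot(host: str, port: int, qname: str, server_name: str, timeout: float = 5.0) -> dict:
    """TLS-connect to host:port, send one length-prefixed query (RFC 7858 framing)
    and return the parsed reply, or the error that stopped the probe."""
    ctx = ssl.create_default_context()  # verifies chain + server_name, like a real DoT client
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
                ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            q = build_query(qname)
            tls.sendall(struct.pack("!H", len(q)) + q)
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            result = parse_response(_recv_exact(tls, length))
            return {"port": port, "ok": True, "tls": tls.version(), **result}
    except (OSError, ValueError) as exc:  # ssl.SSLError and socket.timeout are OSErrors
        return {"port": port, "ok": False, "error": f"{type(exc).__name__}: {exc}"}

if __name__ == "__main__":  # constructed placeholders: point these at the resolver under test
    for port in (853, 443):
        print(probe_dot("dot.example.invalid", port, "example.com", "dot.example.invalid"))
```

A port on which the daemon accepts the TCP connection but cannot complete the handshake (the symptom described above) shows up as `ok: False` with an `SSLError`, while a port that is not listening at all shows a `ConnectionRefusedError`.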
