specify multiple TLS-Ports?

W.C.A. Wijngaards wouter at nlnetlabs.nl
Thu Mar 15 14:26:16 UTC 2018


Hi Andreas, Guillaume-Jean,

Sounds useful, so I've added the option to list a number of additional
tls ports to provide tls service on.  With additional-tls-port: 443
(perhaps more with more port numbers to provide tls service on) in
unbound.conf.

For other, you also need to configure an interface with the correct port
number, e.g. interface: 127.0.0.1@443

The code is in the code repository (i.e. not the just already released
1.7.0).

Best regards, Wouter

On 15/03/18 13:54, Guillaume-Jean Herbiet via Unbound-users wrote:
> Hello,
> 
> I tried the exact same setup before (with version 1.6.7 and 1.6.8) and
> can confirm this.
> 
> In this situation first configured port is open but TLS handshake is not
> possible.
> 
> Being able to listen to several ports for TLS could be very handful to
> provide a DNS-over-TLS resolver:
> - on standard 853/tcp port
> - on 443/tcp port to offer an alternative in "hostile" networks where
> 853/tcp could be filtered.
> 
> I think this is also what Andreas is trying to achieve.
> 
> Regards,
> 
> On 2018-03-13 14:24, A. Schulze via Unbound-users wrote:
>> Hello,
>>
>> is it possible to configure unbound to listen on more than one port for TLS?
>>
>> I tried:
>>
>> server:
>>   access-control: 0.0.0.0/0 allow
>>   interface: 0.0.0.0
>>
>>   tls-service-pem: "/path/to/fullchain"
>>   tls-service-key: "/path/to/privkey"
>>
>>   interface: 0.0.0.0@853
>>   tls-port: 853
>>
>>   interface: 0.0.0.0@443
>>   tls-port: 443
>>
>>
>> but then there is no TLS handshake possible on port 853, only on port 443
>> Removing 443, enable 853 again.
>>
>> Andreas
>>
> 


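A handshake check for the setup discussed in this thread, as an added example that is not part of the original messages or of Unbound: it classifies each port as closed, open without TLS (the symptom reported above for 853), or TLS-capable. The function names and the placeholder hostname are assumptions, and certificate validation is deliberately skipped because only handshake capability is tested.

```python
import socket
import ssl
import sys

def probe_tls_port(host, port, timeout=3.0):
    """Return 'closed', 'open-no-tls' or 'tls-ok' for one TCP port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    # Reachability probe only: certificate validation is switched off on
    # purpose, so 'tls-ok' says nothing about the certificate being valid.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock):
            return "tls-ok"
    except OSError:
        # ssl.SSLError and socket timeouts are OSError subclasses: the port
        # accepted the connection but did not complete a TLS handshake.
        return "open-no-tls"
    finally:
        sock.close()

def check_ports(host, ports=(853, 443)):
    """Probe every port the resolver is meant to offer TLS on."""
    return {port: probe_tls_port(host, port) for port in ports}

if __name__ == "__main__":
    # Hostname is a placeholder; pass the resolver's address as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "resolver.example"
    results = check_ports(target)
    for port, state in results.items():
        print(f"{target}:{port} {state}")
    sys.exit(0 if all(s == "tls-ok" for s in results.values()) else 1)
```

Run after each configuration change; a non-zero exit status means at least one of the ports did not complete a TLS handshake.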