Greetings all... I'm puzzling my way through a DNS over TLS connection. I am configuring a forwarder to OpenDNS via DoT.
I am running BIND 9.18.15-1+ubuntu22.04.1+isc+1-Ubuntu, and trying to follow the documentation for a TLS block. In named.conf, I have:

    tls OpenDNS-DoT {
        ca-file "/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.pem";
        remote-hostname "dns.opendns.com";
    };

    options {
        forwarders port 853 tls OpenDNS-DoT {
            // OpenDNS public
            208.67.222.222;
            208.67.220.220;
        };
    };

but the service fails with a fatal error, '{' expected near 'tls' in the options block. I'm interpreting that named is not expecting to find 'tls' in a forwarder statement. Am I using the tls block correctly with a forwarder?