On 11/01/2024 19:26, Peter Hessler via Unbound-users wrote:

:I wonder if unbound is flexible enough to discern that a request is either
:DoH or DoT and then answer with the matching protocol ?
:
:Is that a silly idea ?
:
:
:Thank you.
:

That isn't possible.  The clients would expect different behaviour than
what the server is providing.

In theory it should be possible to run DoT and DoH on the same port. The reason is that HTTP/2 requires an ALPN with the string 'h2'. The DoT RFC does not require a specific ALPN. But this should be enough. If the ALPN is h2, the server uses HTTP/2; for anything else, the server does DoT.


Note that at this time, unbound does not do this. However some proxies may be able to split TLS traffic based on ALPN.
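
The ALPN-based split described in the message above, as an added example that is not part of the original e-mail and is not Unbound or proxy code: it parses the ALPN extension out of a TLS ClientHello and picks a backend. The names `build_client_hello`, `client_alpn` and `route` are hypothetical, the ClientHello bytes are constructed, and the whole ClientHello is assumed to fit in one TLS record.

```python
import struct

ALPN_EXT = 16  # extension type for ALPN (RFC 7301)

def build_client_hello(alpn):
    """Build a minimal ClientHello record: constructed sample input, not a capture."""
    exts = b""
    if alpn:
        names = b"".join(bytes([len(p)]) + p for p in alpn)
        body = struct.pack("!H", len(names)) + names
        exts = struct.pack("!HH", ALPN_EXT, len(body)) + body
    hello = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session id
             + b"\x00\x02\x13\x01" + b"\x01\x00"    # one cipher suite, null compression
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def client_alpn(record):
    """Return the ALPN names a ClientHello offers; [] if absent or unparsable.
    Assumes the whole ClientHello arrived in one TLS record."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:  # handshake record, ClientHello
            return []
        buf = record[9:9 + int.from_bytes(record[6:9], "big")]
        pos = 34                                          # skip version + random
        pos += 1 + buf[pos]                               # session id
        pos += 2 + struct.unpack_from("!H", buf, pos)[0]  # cipher suites
        pos += 1 + buf[pos]                               # compression methods
        end = pos + 2 + struct.unpack_from("!H", buf, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(buf)):
            etype, elen = struct.unpack_from("!HH", buf, pos)
            pos += 4
            if etype == ALPN_EXT:
                data, names, i = buf[pos + 2:pos + elen], [], 0
                while i < len(data):
                    names.append(data[i + 1:i + 1 + data[i]])
                    i += 1 + data[i]
                return names
            pos += elen
    except (IndexError, struct.error):
        pass
    return []

def route(record):
    """'doh' when the client offers h2, otherwise 'dot' (the rule from the message)."""
    return "doh" if b"h2" in client_alpn(record) else "dot"
```

A truncated or malformed ClientHello yields an empty ALPN list here and therefore falls through to the DoT backend, which then fails the handshake on its own.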
