Hi Andreas, Guillaume-Jean,

Sounds useful, so I've added the option to list a number of additional tls ports to provide tls service on. With additional-tls-port: 443 (perhaps more, with more port numbers to provide tls service on) in unbound.conf.

For other, you also need to configure an interface with the correct port number, e.g. interface: 127.0.0.1@443

The code is in the code repository (i.e. not the already released 1.7.0).

Best regards, Wouter

On 15/03/18 13:54, Guillaume-Jean Herbiet via Unbound-users wrote:
> Hello,
>
> I tried the exact same setup before (with version 1.6.7 and 1.6.8) and
> can confirm this.
>
> In this situation the first configured port is open but a TLS handshake is not
> possible.
>
> Being able to listen on several ports for TLS could be very handy to
> provide a DNS-over-TLS resolver:
> - on the standard 853/tcp port
> - on 443/tcp port to offer an alternative in "hostile" networks where
> 853/tcp could be filtered.
>
> I think this is also what Andreas is trying to achieve.
>
> Regards,
>
> On 2018-03-13 14:24, A. Schulze via Unbound-users wrote:
>> Hello,
>>
>> is it possible to configure unbound to listen on more than one port for TLS?
>>
>> I tried:
>>
>> server:
>> access-control: 0.0.0.0/0 allow
>> interface: 0.0.0.0
>>
>> tls-service-pem: "/path/to/fullchain"
>> tls-service-key: "/path/to/privkey"
>>
>> interface: 0.0.0.0@853
>> tls-port: 853
>>
>> interface: 0.0.0.0@443
>> tls-port: 443
>>
>>
>> but then there is no TLS handshake possible on port 853, only on port 443.
>> Removing 443 enables 853 again.
>>
>> Andreas
>>
>
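The misconfiguration in Andreas's message (a second `tls-port:` line silently replacing the first) and the fix Wouter describes (`additional-tls-port:`) can be checked before deploying. The following is an added illustration, not code from Unbound or from anyone in this thread: a small audit that mimics Unbound's "last tls-port wins, additional-tls-port accumulates" behaviour and reports which configured interfaces will actually get TLS service. It assumes Unbound's defaults of `port: 53` and `tls-port: 853`; the two configs are constructed samples.

```python
"""Audit which unbound 'interface:' ports will actually serve TLS.

Added example, not Unbound's own code. Models the behaviour discussed in
the thread: repeating 'tls-port:' does NOT add a port (the last value
wins), whereas 'additional-tls-port:' lines accumulate (Unbound >= 1.7.1).
"""
import re

# Constructed sample: the config Andreas posted (two tls-port lines).
BROKEN_CONF = """
server:
    access-control: 0.0.0.0/0 allow
    interface: 0.0.0.0
    tls-service-pem: "/path/to/fullchain"
    tls-service-key: "/path/to/privkey"
    interface: 0.0.0.0@853
    tls-port: 853
    interface: 0.0.0.0@443
    tls-port: 443
"""

# Constructed sample: same intent, using the option Wouter added.
FIXED_CONF = BROKEN_CONF.replace("tls-port: 443", "additional-tls-port: 443")


def _server_options(conf):
    """Yield (key, value) pairs, ignoring comments and the bare 'server:' line."""
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([a-z-]+):\s*(\S.*)$", line)
        if m:
            yield m.group(1), m.group(2).strip().strip('"')


def tls_service_ports(conf):
    """Ports that speak TLS: last 'tls-port' (default 853) plus every
    'additional-tls-port'. An earlier tls-port value is simply lost."""
    tls_port, extra = 853, set()            # 853 is unbound's default tls-port
    for key, val in _server_options(conf):
        if key == "tls-port":
            tls_port = int(val)             # last one wins
        elif key == "additional-tls-port":
            extra.add(int(val))             # accumulates
    return {tls_port} | extra


def audit(conf):
    """Map each 'host@port' interface to whether TLS will be served on it."""
    ports = tls_service_ports(conf)
    result = {}
    for key, val in _server_options(conf):
        if key == "interface":
            host, _, port = val.partition("@")
            port = int(port) if port else 53   # unbound's default 'port: 53'
            result[f"{host}@{port}"] = port in ports
    return result
```

Running `audit(BROKEN_CONF)` flags 0.0.0.0@853 as a plain-DNS listener with no TLS, matching what Andreas observed, while `audit(FIXED_CONF)` shows both 853 and 443 served over TLS.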