From nobody Sat May 13 10:46:31 2023
X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QJMll0Wthz4BFH0
	for <freebsd-questions@mlmmj.nyi.freebsd.org>; Sat, 13 May 2023 10:47:31 +0000 (UTC)
	(envelope-from mattik@gwsit.com.au)
Received: from se8.syd.hostingplatform.net.au (se8.syd.hostingplatform.net.au [IPv6:2400:b800:6::52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QJMlk5yQnz3qML
	for <freebsd-questions@freebsd.org>; Sat, 13 May 2023 10:47:30 +0000 (UTC)
	(envelope-from mattik@gwsit.com.au)
Authentication-Results: mx1.freebsd.org;
	none
Received: from s02ad.syd2.hostingplatform.net.au ([103.27.32.38])
	by se8.syd.hostingplatform.net.au with esmtps (TLSv1.2:AES128-GCM-SHA256:128)
	(Exim 4.92)
	(envelope-from <mattik@gwsit.com.au>)
	id 1pxmmT-0002qS-DA
	for freebsd-questions@freebsd.org; Sat, 13 May 2023 20:47:23 +1000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=gwsit.com.au; s=default; h=Content-Transfer-Encoding:Content-Type:
	MIME-Version:References:In-Reply-To:Message-ID:Subject:Cc:To:From:Date:Sender
	:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:
	List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=i1VNHj7q83FAPZKT7ZOaylFrSKODJOgB13k2ThS0D5M=; b=lwe4VUqzsb/XVZo57xXl/g9GM4
	0Ib/EYeSISk6qE06pCnNTJHh4r168acCzhLh2fPw+L9iWtZv5BdqwNNyP7XFe4AknD1BOvjWke/+a
	lSYZHzGREsF0ftnWfxHI9Wp5dL1lGuLQMsbBkjpNeHyJgYWBJHr22dLdZv6/Svz8V/aUgQAQDUz6q
	rhTLyyNFbG1PvAPm91F13EqbnLTftyvQ2eedDoiDUJ0y13V+u+IulUAMf3FC6QsrcQJGPt5AxfB6I
	686tQO2XFSmKdsyMW4mIDbkyuNpL8wSARUGPxUdLb6oBNNh4T0lbuOEl2POzKcrRja2F6Gx7voYpr
	/IUjijGQ==;
Received: from 180-150-31-87.b4961f.syd.static.aussiebb.net ([180.150.31.87]:50704 helo=ws1.wobblyboot.net)
	by s02ad.syd2.hostingplatform.net.au with esmtpsa  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <mattik@gwsit.com.au>)
	id 1pxmln-000aEr-1z;
	Sat, 13 May 2023 20:46:35 +1000
Date: Sat, 13 May 2023 20:46:31 +1000
From: matti k <mattik@gwsit.com.au>
To: LuMiWa <lumiwa@dismail.de>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: unbound
Message-ID: <20230513204631.4262b899@ws1.wobblyboot.net>
In-Reply-To: <20230513053351.6e101f66@dismail.de>
References: <20230513053351.6e101f66@dismail.de>
X-Mailer: Claws Mail 3.19.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.1)
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
Sender: owner-freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - s02ad.syd2.hostingplatform.net.au
X-AntiAbuse: Original Domain - freebsd.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - gwsit.com.au
X-Get-Message-Sender-Via: s02ad.syd2.hostingplatform.net.au: authenticated_id: mattik@gwsit.com.au
X-Authenticated-Sender: s02ad.syd2.hostingplatform.net.au: mattik@gwsit.com.au
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Originating-IP: 103.27.32.38
X-SpamExperts-Domain: out-2.hostyourservices.net
X-SpamExperts-Username: 103.27.32.38
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.15)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT9WLQux0N3HQm8ltz8rnu+BPUtbdvnXkggZ
 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5zBwzYOyw3TMVcHXgRum+xE5RmX5Wddz27geQcwtt3ZFCo/
 xMM0hxORRmMMI7DUTwhoHIstE1NmtgiyL8wfTy+x5g+sHZmT3CLVmxntdIVybdBEBhMDar97Xt3q
 6S2Hieiwhqufh5var6OCFba8E7kiBVisGv8MyVI5ms3guyJnGmRldNaEjOrsGXQcVbXAOCkUOled
 bu+r9+W9cDXvzL3SVAg1ZfmW/GjdTAjWUrrrX7A+BsIrAO5wNoMhbD4alvMUx7MG2wf4WvmVq0gI
 vEpMsXte0CH4ExjoF85tff90A1HUoVwaoyKiseY5we892IYad3lsxkDrjYxAaP1hGz0QyGcCgytU
 Mu2J9HJXA1Uo4ECf6ZPkwCnha0jZQSrrr9TVcww7xhc701iLVrjS73GRcd3QbXHil9nVohJvu6B5
 vcQRHhpp7PEHhQA50A06366v4jwfZ2w/Im/Py0Sgy/bl2ah/aQzn5Dzh9/RiXLEPQdtD3S+Jrk4L
 un+T8QznUYUZIKC9G3JBLnu48CZ5VbHJ2OUMeHyTpNN0eXybX/w7//Zvfrj9M8hBE8kGoYdZPbvI
 vpHE180LhVBTvmHeF2BunYD7Ah9TV/OXa7LHilBVU7SEmRK7ABys6PXxB+/LGjvGlpU81HpzO1KB
 /tCIx5DHuUciAc2sd7tgxlBC/PaMBddFVXnrNZAabVljZwloYb4BVZ3XtVCQmC3XH19AcfHd0TSN
 z06rpApTsYc0QXKCTtWQT2zTUpFcYuV4VbbsZzPklq7RfQkCYUTU/K2rwJXj6QtgUH5yweND0ErJ
 IlExu/ynepi5uIs/bKoYD+xj++Zy2DNwOgV373pfDhBQ21OdY6w60lqDXZ8NWh2RQEjvDmapfx/d
 RFuhOJ7TMB6NCHI1hfUzS485aYrCT+7qNJpDdZ7rxcQptoXw7Xs8R1+CaHYt6untWGCS5hcb4MNy
 /gD8X5UKoUGIOMl3vKNvklFI2ah/aQzn5Dzh9/RiXLEPQVcUdJzW4D1Jj0MTqkNS3jTH6jbwUsjd
 NmWHUOcIaNJMzrfLFNGeag8iB/KG4yIjEJgJQWyD5QW5B/0AyfuYrOo=
X-Report-Abuse-To: spam@se.syd.hostingplatform.net.au
X-Rspamd-Queue-Id: 4QJMlk5yQnz3qML
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:45638, ipnet:2400:b800:6::/48, country:AU]
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-ThisMailContainsUnwantedMimeParts: N

On Sat, 13 May 2023 05:33:51 -0400
LuMiWa <lumiwa@dismail.de> wrote:

> Hi!
> 
> I am using unbound from ports on FreeBSD 13.2 Release for DNS over
> TLS. In unbound.conf I have:
> forward-zone:
>    name: "."
>    forward-tls-upstream: yes
>    forward-addr: 9.9.9.9@853#dns.quad9.net
>    forward-addr: 149.112.112.112@853#dns.quad9.net
> 
> It worked years without problem but this weeks stopped. I remowed
> forward-tls... and port 853 and it works again but it is not the same.
> 
> Thank you.
> 

I have 

$ cat /var/unbound/forward.conf
# Generated by resolvconf

forward-zone:
	name: "."
	forward-tls-upstream: yes		# Use DNS-over-TLS
	forward-first: no			# do NOT send direct

	forward-addr: 1.1.1.1@853#one.one.one.one
	forward-addr: 1.0.0.1@853#one.one.one.one

usually I will 

# service local_unbound restart
  (after a reboot)

https://1.1.1.1/help seems to confirm it is correct

I have no idea if I am doing it right !

yep help needed