Date: Wed, 31 May 2023 08:20:11 +0000
From: "Dave Cottlehuber"
To: Dag-Erling Smørgrav
Cc: questions@freebsd.org
Subject: Re: unbound
Message-Id: <4bac270b-78cc-475e-8a0a-153d615b2f77@app.fastmail.com>
In-Reply-To: <86mt1lk1ef.fsf@ltc.des.no>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On Tue, 30 May 2023, at 20:30, Dag-Erling Smørgrav wrote:
> "Dave Cottlehuber" writes:
>> https://support.quad9.net/hc/en-us/articles/7200715305997-DNS-over-TLS-FreeBSD-with-local-unbound
>> has a full config on their site, which can be summarised as defaults +
>
> This is bad advice, please see this instead:
>
> https://blog.des.no/2018/10/dns-over-tls-in-freebsd-12/
>
> (just replace the cloudflare addresses with quad9 addresses)
>
> DES
> -- 
> Dag-Erling Smørgrav - des@FreeBSD.org

Thanks DES for a better solution, TIL. I'll see if we can persuade
quad9 to update their docs.

local_unbound_enable=YES
local_unbound_tls=YES
local_unbound_forwarders="9.9.9.9@853#quad9.net 149.112.112.112@853#quad9.net"

Running that (for ipv4 config only) yields:

forward-zone:
        name: .
        forward-tls-upstream: yes
        forward-addr: 9.9.9.9@853#quad9.net
        forward-addr: 149.112.112.112@853#quad9.net

A+
Dave
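
An added example, not part of the original message or of FreeBSD's own tooling: a POSIX sh check that a forward-zone like the one pasted above has forward-tls-upstream enabled and that every forward-addr carries the addr@port#authname form. The function name check_forward_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an unbound forward-zone
# file for the DNS-over-TLS form shown in the thread.

check_forward_conf() {
    # $1: file holding one or more forward-zone stanzas.
    # Prints one FAIL line per problem; returns 0 only if none were found.
    awk '
    function finish() {
        if (!inzone) return
        if (!tls) { print "FAIL zone " name ": forward-tls-upstream is not yes"; bad++ }
        if (n == 0) { print "FAIL zone " name ": no forward-addr"; bad++ }
        inzone = 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # skip comments and blanks
    $1 == "forward-zone:" { finish(); zones++; inzone = 1; tls = 0; n = 0; name = "?"; next }
    NF == 1 && $1 ~ /:$/ { finish(); next }        # another clause (e.g. server:) ends the zone
    inzone && $1 == "name:" { name = $2; next }
    inzone && $1 == "forward-tls-upstream:" { tls = ($2 == "yes"); next }
    inzone && $1 == "forward-addr:" {
        n++
        # Require addr@port#authname, as in 9.9.9.9@853#quad9.net; the #name
        # part is the name the upstream certificate is checked against.
        if ($2 !~ /@[0-9]+#[A-Za-z0-9._-]+$/) {
            print "FAIL zone " name ": " $2 " lacks @port#authname"; bad++
        }
        next
    }
    END {
        finish()
        if (zones == 0) { print "FAIL: no forward-zone found"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: the forward-zone quoted in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
forward-zone:
        name: .
        forward-tls-upstream: yes
        forward-addr: 9.9.9.9@853#quad9.net
        forward-addr: 149.112.112.112@853#quad9.net
EOF
check_forward_conf "$sample" && echo "OK: every forwarder uses TLS with an auth name"
rm -f "$sample"
```

A forwarder written as a bare address, or a zone without forward-tls-upstream, produces a FAIL line and a non-zero exit status, so the function can gate a configuration deployment.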