DoT forward-zone via unbound-control #1034
Comments
|
There is a new option for unbound-control, for |
jedisct1
added a commit
to jedisct1/unbound
that referenced
this issue
Apr 4, 2024
* nlnet/master: (24 commits) - Fix NLnetLabs#369: dnstap showing extra responses; for client responses right from the cache when replying with expired data or prefetching. - Fix NLnetLabs#1035: Potential Bug while parsing port from the "stub-host" string; also affected forward-zones and remote-control host directives. - For NLnetLabs#1040: adjust error text and disallow negative ports in other parts of cfg_mark_ports. Changelog note for NLnetLabs#1040 - Fix NLnetLabs#1040: fix heap-buffer-overflow issue in function cfg_mark_ports of file util/config_file.c. fix heap-buffer-overflow issue in function cfg_mark_ports of file util/config_file.c - Fix for crypto related failures to have a better error string. - Fix NLnetLabs#1034: DoT forward-zone via unbound-control. - Fix that the server does not chown the pidfile. - Fix that when the server truncates the pidfile, it does not follow symbolic links. - Fix to add unit test for lruhash space that exercises the routines. - Fix comment in lruhash space function. - Fix for NLnetLabs#1032, add safeguard to make table space positive. - Fix NLnetLabs#1032: The size of subnet_msg_cache calculation mistake cause memory usage increased beyond expectations. - Fix name of unit test for subnet cache response. - For NLnetLabs#831: Format text, use exclamation icon and explicit label names. Changelog entry for NLnetLabs#831 - Merge NLnetLabs#831 from Pierre4012: Improve Windows NSIS installer script (setup.nsi). Improve Windows NSIS installer script (setup.nsi) (NLnetLabs#831) - Fix localdata and rpz localdata to match CNAME only if no direct type match is available. - Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that clientip and nsip can give a CNAME. - Fix rpz for qtype CNAME after nameserver trigger. ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
First off: I can't tell whether the problem described below is a bug, simply not implemented or me being to stupid to do.
My use case: Setting a DoT DNS forwarder via unbound-control.
Defining such forward in the config is fine and works correct as far as I can tell:
Unfortunately, that static config does not suit my particular environment, because I'm operating in changing locations. I need to switch the "." forward zone to different upstream DNS servers (with and without DoT), basically on-the-fly.
Embedded in some "external detection logic", I'm already able to adjust the DNS setup via
unbound-controlaccordingly, but unfortunately not for any DoT forwards. Simply because there seems to be no way to set theforward-tls-upstreamoption with theforward_addcommand.If there is any way to accomplish this with
unbound-controlplease let me know. Otherwise I would kindly request this as a feature.The text was updated successfully, but these errors were encountered: