[FR] Enabling DoH service without TLS certificates #1190

Open
poscat0x04 opened this issue Nov 25, 2024 · 1 comment
@poscat0x04

Current behavior
Currently unbound requires both tls-service-key and tls-service-pem to be set to provide DNS-over-TLS and DNS-over-HTTPS downstream. But unbound also provides the option to provide unencrypted DNS-over-HTTP service via http-notls-downstream. This means even if one wants to provide only DNS-over-HTTP service, one has to provide TLS certificates, which isn't ideal.

Describe the desired feature
Being able to provide DNS-over-HTTP service without TLS certificates.

Potential use-case
This feature is useful for anyone who wants to use unbound as a DoH server while using a reverse proxy such as nginx.

@gthess gthess self-assigned this Dec 2, 2024
@gthess
Member

gthess commented Dec 2, 2024

This is already available with the http-notls-downstream option.
Do you use a specific configuration that fails somehow? Do you have log output to share?
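
An added example, not part of the issue thread and not Unbound's own code: a shell check for the setup discussed above, where Unbound serves DNS-over-HTTP without TLS behind a reverse proxy such as nginx. It assumes the cleartext listener should then be reachable only over loopback; the function names `audit_doh_notls` and `sample_conf`, the port 8053 and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue thread or the Unbound project).
# Flags an unbound.conf in which http-notls-downstream is enabled and a
# DoH listener (an interface suffixed with @<https-port>) is bound to
# something other than a literal loopback address, so cleartext
# DNS-over-HTTP would be reachable by more than the local reverse proxy.
# Reads the file named in $1, or stdin. Prints one finding per line and
# returns 1 if there is any finding, 0 otherwise.
audit_doh_notls() {
    awk '
    { sub(/#.*/, "") }                        # strip trailing comments
    $1 == "https-port:"            { port = $2 }
    $1 == "http-notls-downstream:" { notls = ($2 == "yes") }
    $1 == "interface:"             { ifs[++n] = $2 }
    END {
        if (port == "") port = 443            # documented default port
        if (!notls) exit 0                    # TLS still in use on DoH
        for (i = 1; i <= n; i++) {
            split(ifs[i], p, "@")
            if (p[2] != port) continue        # not a DoH listener
            if (p[1] != "127.0.0.1" && p[1] != "::1") {
                print "cleartext DoH on " ifs[i]
                bad = 1
            }
        }
        exit (bad + 0)
    }' "$@"
}

# Constructed sample configuration; $1 is the listen address to test.
sample_conf() {
    printf '%s\n' 'server:' \
        "    interface: $1@8053" \
        '    https-port: 8053' \
        '    http-notls-downstream: yes   # TLS ends at the reverse proxy' \
        '    http-endpoint: "/dns-query"'
}
```

Run it as `audit_doh_notls /path/to/unbound.conf`, or try `sample_conf 0.0.0.0 | audit_doh_notls` to see a finding.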
