TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

DoT conditional forwarding issue? #735

Closed micush closed 8 months ago

micush commented 9 months ago

Hi,

So this is interesting. I have this scenario and don't know why. Maybe you can help shed some light on it.

```
client -- :53 --> server1 == OK
client -- :53 --> server2 == OK
client -- :853 --> server2 == OK
client -- :53 --> server1 (zone conditional tls forwarder) -- :853 --> server2 == !OK
  == EDE: 0 (Other): (Resolver exception for host.local. A IN: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch)
```

Regards, micush

ShreyasZare commented 9 months ago

Thanks for the feedback. The error RemoteCertificateNameMismatch means that the domain name used for the DoT forwarder does not match with the SSL certificate received by the DNS server.

You can test this manually using the `openssl s_client -connect <dot-domain>:853` command.

Which DoT forwarder are you using?

micush commented 9 months ago

I'm using kdig for the client and TDNS for both DNS servers in this instance.

ShreyasZare commented 9 months ago

> I'm using kdig for the client and TDNS for both DNS servers in this instance.

It's a config issue and not related to the software being used. The domain you used for DoT in the forwarder config does not match with any of the domain names in the SSL cert returned. Use the openssl command mentioned in the previous comment to find out the correct domain name to use with that cert.
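The check the two comments describe, as an added example that is not part of this issue thread or of the Technitium DNS Server code: a forwarder configured as `tls://<name>:853` will only validate if `<name>` matches one of the certificate's subjectAltName entries (DNS names, wildcards, or IP addresses), which is exactly what RemoteCertificateNameMismatch reports when it does not. The script reimplements that name comparison over the dictionary shape Python's `ssl` module returns from `getpeercert()`, so it can be run offline against a constructed certificate; `probe_dot_server` is a live variant that performs the same verification the forwarder does. The sample certificate, its names (`dns.example.net`, `192.0.2.53`) and the forwarder names tried are all constructed for the example.

```python
"""Check whether a DoT forwarder name matches the names in a server's TLS certificate.

Mirrors the hostname validation that yields RemoteCertificateNameMismatch:
the configured forwarder host must match a SAN DNS entry (exact or single-label
wildcard), a SAN IP entry, or, only when the cert has no SAN at all, the CN.
"""
import ipaddress
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (not a real cert).
SAMPLE_CERT = {
    "subject": ((("commonName", "dns.example.net"),),),
    "subjectAltName": (
        ("DNS", "dns.example.net"),
        ("DNS", "*.dns.example.net"),
        ("IP Address", "192.0.2.53"),
    ),
}


def _dns_name_match(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison: case-insensitive exact match, or a wildcard
    that replaces exactly the leftmost label (never a bare '*.tld')."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    return (
        len(p_labels) == len(h_labels)
        and len(p_labels) >= 3
        and p_labels[1:] == h_labels[1:]
    )


def cert_names(cert: dict) -> tuple[list[str], list[str]]:
    """Return (dns_names, ip_names) from the SAN extension, falling back to the
    subject CN only when the certificate carries no SAN at all."""
    dns_names: list[str] = []
    ip_names: list[str] = []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns_names.append(value)
        elif kind == "IP Address":
            ip_names.append(value)
    if not dns_names and not ip_names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    dns_names.append(value)
    return dns_names, ip_names


def forwarder_name_matches(cert: dict, forwarder_host: str) -> bool:
    """True if the name used in the DoT forwarder config would pass validation."""
    dns_names, ip_names = cert_names(cert)
    try:
        ip = ipaddress.ip_address(forwarder_host)
    except ValueError:
        return any(_dns_name_match(n, forwarder_host) for n in dns_names)
    # An IP literal in the forwarder URL only matches an IP SAN, never a DNS SAN.
    return any(ipaddress.ip_address(n) == ip for n in ip_names)


def explain(cert: dict, forwarder_host: str) -> str:
    """Human-readable verdict listing the names the cert actually carries."""
    dns_names, ip_names = cert_names(cert)
    if forwarder_name_matches(cert, forwarder_host):
        return f"OK: '{forwarder_host}' matches the certificate"
    return (
        f"RemoteCertificateNameMismatch: '{forwarder_host}' is not in the cert; "
        f"valid DNS names: {dns_names or '-'}; valid IPs: {ip_names or '-'}"
    )


def probe_dot_server(forwarder_host: str, port: int = 853, timeout: float = 5.0) -> dict:
    """Live check equivalent to 'openssl s_client -connect host:853': connect with
    chain and hostname verification on, as the forwarder does, and return the cert.
    Raises ssl.SSLCertVerificationError on a name mismatch. Needs network access."""
    ctx = ssl.create_default_context()
    with socket.create_connection((forwarder_host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=forwarder_host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Offline demonstration against the constructed certificate.
    for name in ("dns.example.net", "cache.dns.example.net", "server2.local", "192.0.2.53"):
        print(explain(SAMPLE_CERT, name))
```

The practical fix the maintainer points to follows from `explain`: configure the forwarder with one of the names listed as valid (or reissue the server's certificate with a SAN for the name you want to use), rather than disabling certificate validation.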