[QUESTION] How do I setup `unbound` DoT?

[Veraellyunjie]

Here is an example unbound.conf line from https://www.jwillikers.com/dns-over-tls-with-unbound:

  forward-addr: 1.1.1.1@853#cloudflare-dns.com

It needs IP, port and address name.

https://openbld.net/docs/overwiew/how-it-works/#connectives

DoT - ada.openbld.net or ric.openbld.net

Nothing more. With this, I don't understand what I should put into unbound.conf.

Thank you

[m0zgen]

Hello, thank you for your question.

You can try to check nearest server for you, as example with nslookup or dig commands:

nslookup -port=53 ada.openbld.net 1.1.1.1

Output:

Server:     1.1.1.1
Address:    1.1.1.1#53

Non-authoritative answer:
Name:   ada.openbld.net
Address: 104.152.xx.xx
Name:   ada.openbld.net
Address: 109.199.xx.xx

Make sure, the service is working, try to connect any server to 853 port:

telnet 104.152.xx.xx 853 
Trying 104.152.xx.xx...
Connected to 104.152.xx.xx.

Next step - take any IP and try to setup your server...

Enjoy!

[Veraellyunjie]

Thank you. Especially appreciate that you chose to show detailed steps of how to obtain the info. Great approach!

Please consider adding this howto to docs

[m0zgen]

On the OpenBLD.net site added section with topic named as - Setup DoT (DNS-over-TLS) on unbound:

• https://openbld.net/docs/get-started/third-party-proxies/unbound/

If you have anything to add, let me know please.

[Veraellyunjie]

Some sentences are ungrammatical and overly verbose. I'm not a native English speaker (привет нашим), my suggestions may be wrong. There are grammar checking tools like https://www.grammarcheck.net/editor/ for folks like us.

---

Use Unbound as an upstream DNS-over-TLS forwarder you can with the forward-addr parameter in the unbound.conf file.

Use Unbound as an upstream DNS-over-TLS forwarder with the forward-addr parameter in the unbound.conf file.

---

You can try to check the nearest server for you, as example with nslookup or dig commands:

Check the nearest server with nslookup or dig commands:

---

Make sure, the service is working, try to connect any server to 853 port:

Make sure the service is working by connecting to any server on 853 port:

[Veraellyunjie]

Then, this howto is merely a hint. I prefer examples where conf files are shown in full-text like https://www.jwillikers.com/dns-over-tls-with-unbound which is OpenBSD-targeted and will probably not work on other platforms.

BTW, I would expect data present at https://openbld.net/docs/overwiew/how-it-works/#connectives to be somewhere at https://openbld.net/docs/category/get-started/ Consider: you visit the website, you are too lazy to read Introduction and Overview (BTW, fix Overwiew typo), and you head to Get started, but connection addresses aren't listed there. I would never expect to find them in overview/how-it-works

Ideally, each page https://openbld.net/docs/get-started/setup-os/macos/ https://openbld.net/docs/get-started/setup-os/windows/ https://openbld.net/docs/get-started/setup-os/linux/ should not reference other pages, but contain full howto with all data. Admittedly, that's a lot of work for maintainers and data would be duplicated, yet that is what I as a visitor would like to see.

[Veraellyunjie]

Alas, this is my 1st unbound setup in years. So I'm a tutorial seeker, not an advisor.

[m0zgen]

Hey, you can accept the role of a volunteer and check misspells, grammar etc, and provide problem places in the text on site for me for fixing.

• https://openbld.net/docs/donation/#volunteering

If you decide to do so, welcome)