trinib / AdGuard-WireGuard-Unbound-DNScrypt

Linux ultimate self-hosted network security guide
MIT License

(Unbound dns over tls) not showing in https://1.1.1.1/help #6

Closed trinib closed 2 years ago

trinib commented 2 years ago

I've come across a few things that occur when following this guide. They are:

1. When unbound is installed you are then unable to get the root.hint file or any of the DoH files. However, stopping the unbound service after installing it, and restarting the service after step 4 as per the guide, is a workaround. (sudo service unbound stop)

2. Downloading the cloudflared 32-bit gives a 404 error, but it is fixed by downloading from the official GitHub -> wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm .

3. After cloudflared-linux-arm is downloaded it needs to be renamed to cloudflared before the copy step is carried out. (mv cloudflared-linux-arm cloudflared)

4. After all of this I end up with DoH working but not DoT (this is with or without alternative DNS on PC) ->
   ![Capture](https://user-images.githubusercontent.com/15659183/144603760-7745702c-8d3c-416e-8491-3201c876c80f.PNG)
   I tried just having DoT configured and all I get is ->
   ![Capture2](https://user-images.githubusercontent.com/15659183/144604035-ea48c50a-415a-4a96-bcdc-13bd0c9f91c1.PNG)
   At this point I have no idea what to do.
   ps. I have followed this guide 6 or so months ago and it was working.
   pps. I have tried the fix in the previous issue.

Same issue for me with https://1.1.1.1/help, and I even tried an older version, unbound 1.13.1, with no luck. But it's confirmed unbound is working from https://dnssec.vs.uni-due.de/ and the terminal commands for test validation:

```
dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53
dig sigok.verteiltesysteme.net @127.0.0.1 -p 53
```

The first command should give a status report of SERVFAIL and no IP address. The second should give NOERROR plus an IP address. (From https://docs.pi-hole.net/guides/dns/unbound/#test-validation)

So I don't know if it could be the website https://1.1.1.1/help or browsers not showing TLS, because recently with Firefox and Chrome I see from https://www.cloudflare.com/ssl/encrypted-sni/ that TLS 1.3 is on by default, so I really can't tell. I'll try a whole different method for DoT and see, but for now I guess unbound still works, but I'll find another way for DNS over TLS.

Originally posted by @trinib in https://github.com/trinib/AdGuard-WireGuard-Unbound-Cloudflare/issues/5#issuecomment-1001643176
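
The test validation described in the comment above, as an added example that is not part of the original thread or the guide: it reads the output of the two `dig` queries and reports whether the resolver is validating DNSSEC, treating a failure on both names as a resolver problem rather than proof of validation. The function names and the sample `dig` output are constructed for illustration.

```shell
#!/bin/sh
# Interpret the two dig test queries. Runs offline on the constructed
# samples below; live use:
#   classify_dnssec "$(dig sigfail.verteiltesysteme.net @127.0.0.1 -p 53)" \
#                   "$(dig sigok.verteiltesysteme.net @127.0.0.1 -p 53)"

# Print the RCODE from dig's ";; ->>HEADER<<-" line (stdin = dig output).
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the ";; flags:" line carries the AD (authenticated data) bit.
dig_has_ad() {
    grep -Eq '^;; flags:[^;]* ad[ ;]'
}

# classify_dnssec SIGFAIL_OUTPUT SIGOK_OUTPUT -> one-word verdict on stdout
classify_dnssec() {
    fail_rc=$(printf '%s\n' "$1" | dig_status)
    ok_rc=$(printf '%s\n' "$2" | dig_status)
    if [ "$ok_rc" != "NOERROR" ]; then
        # The correctly signed name must resolve; if it does not, a
        # SERVFAIL on sigfail says nothing about validation.
        echo "resolver-error"
    elif [ "$fail_rc" = "SERVFAIL" ]; then
        if printf '%s\n' "$2" | dig_has_ad; then
            echo "validating"
        else
            echo "validating-no-ad"
        fi
    else
        # The broken signature was accepted: no validation is happening.
        echo "not-validating"
    fi
}

# Constructed sample headers (not captured from a real resolver).
SIGFAIL_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SIGOK_SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

classify_dnssec "$SIGFAIL_SAMPLE" "$SIGOK_SAMPLE"
```

This only checks DNSSEC validation on the local resolver; it does not show whether the upstream leg uses DNS over TLS, which is what https://1.1.1.1/help reports.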

trinib commented 2 years ago

@26adriano @Issladde I see DNS over TLS on https://1.1.1.1/help started showing again.

I'll close the issue when I update the readme.

P.S. I want to add Stubby with unbound to the guide.