DNS over TLS not working

Yuri yvoinov at gmail.com
Wed May 9 14:51:45 UTC 2018 


09.05.2018 11:51, W.C.A. Wijngaards via Unbound-users пишет:
> Hi,
>
> No idea what is going on anymore, here is two new sets of binaries.
>
> These are made with openssl 1.0.2j.  The code in unbound that does
> tls-upstream:yes is basically almost the same as previous releases, and
> with the same version of openssl, shouldn't that work like it did in the
> previous release?
>
> Note that the 1.0.2 openssl does not have the set verify name function
> that is used to verify the tls authentication name, so it won't check that.
>
> open.nlnetlabs.nl/~wouter/unbound-1.7.1_20180509.zip
> open.nlnetlabs.nl/~wouter/unbound-1.7.2_20180509.zip
Same shame, Wouter.:-(

Both does not work with DoT.
>
> pgp sigs in .asc files.
>
> The 1.7.1 zipfile is the 1.7.1 release with the different openssl library.
>
> The 1.7.2 has a different windows event handling for SSL upstream, that
> should result in fewer cycles used to handle the SSL connection.  It
> should however, not otherwise change the SSL connection calls to OpenSSL.
>
> Best regards, Wouter
>
> On 08/05/18 18:25, Yuri via Unbound-users wrote:
>> Still not, Raymond.
>>
>> Digging.
>>
>> 08.05.2018 21:45, Raymond Bannan via Unbound-users пишет:
>>> I downloaded the updated binary and tried on my system as well -
>>> unbound is still attempting to resolve without first negotiating TLS.
>>>
>>> It correctly reaches out to 1.1.1.1:853, but it doesn't negotiate a
>>> TLS connection.  Is there anything I could do to help fix this?
>>>
>>> -Ray
>>>
>>> On 5/7/2018 8:25 AM, W.C.A. Wijngaards via Unbound-users wrote:
>>>> Hi Yuri,
>>>>
>>>> On 07/05/18 16:16, Yuri via Unbound-users wrote:
>>>>> Just checked. Unfortunately, patch does not fix issue.
>>>>>
>>>>> Same sympthom. Timeout, then no resolve.
>>>>  From your previous logs, what unbound does is connect, then write. 
>>>> Then
>>>> it gets nothing to read.  Until the timeout happens.  The connection
>>>> closes, there was no data received.
>>>>
>>>> Is there a firewall of some sort preventing data from leaving or
>>>> entering the system?
>>>>
>>>> Best regards, Wouter
>>>>
>>>>> http://open.nlnetlabs.nl/~wouter/unbound-1.7.2_20180507.zip (16Mb)
>>>>> http://open.nlnetlabs.nl/~wouter/unbound-1.7.2_20180507.zip.asc (pgp
>>>>> sig)
>>>>>
>>>>> -- 
>>>>> "C++ seems like a language suitable for firing other people's legs."
>>>>>
>>>>> *****************************
>>>>> * C++20 : Bug to the future *
>>>>> *****************************
>>>>>
>

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180509/b7b3a7ba/attachment.bin>

More information about the Unbound-users mailing list