Does anyone else have unbound working with TLS? I’m getting the error:

    libunbound[27787:0] error: no name verification functionality in ssl library, ignored name for 8.8.8.8@853#dns.google

I think this is the same error reported in FreeBSD and Unbound upstream.
It’s puzzling, though, because the Changelog for 1.9.0 makes it sound as though this bug did not affect openssl-1.1, and also was fixed in 1.9.0.
Things I haven’t yet figured out:
- are the 2 bugs above still relevant to unbound-1.9.4 (latest upstream, already in Nixpkgs)?
- are the 2 bugs relevant with openssl-1.1.1 (used by Nixpkgs unbound)?
- would it help to apply the patch from the FreeBSD thread?
- are there compile-time options to openssl that affect this behavior?
Relevant lines from my unbound.conf:

    server:
        tls-upstream: yes
        tls-cert-bundle: /etc/pki/tls/certs/ca-bundle.crt
    forward-zone:
        name: .
        forward-addr: 8.8.8.8@853#dns.google
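
An added example, not part of the original post: a Python check over an unbound.conf that reports forwarders whose TLS peer would not be authenticated (no CA bundle, or no #auth-name on a forward-addr). The 1.1.1.1 entry in the sample is constructed, `audit_tls_forwarders` is a hypothetical helper, and the comment handling is a simplification of Unbound's own parser.

```python
import re

# Constructed sample: the post's settings plus one forwarder without an auth name.
SAMPLE_CONF = """\
server:
    tls-upstream: yes
    tls-cert-bundle: /etc/pki/tls/certs/ca-bundle.crt
forward-zone:
    name: .
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 1.1.1.1@853   # constructed entry, not from the post
"""

# forward-addr value: IP, optional @port, optional #auth-name
ADDR_RE = re.compile(r"^(?P<ip>[^@#\s]+)(?:@(?P<port>\d+))?(?:#(?P<name>\S+))?$")


def audit_tls_forwarders(conf_text):
    """Return findings about how upstream TLS peers are authenticated."""
    tls_on, bundle, addrs = False, "", []
    for raw in conf_text.splitlines():
        # Assumption: '#' starts a comment only at line start or after
        # whitespace, so the '#' inside 8.8.8.8@853#dns.google is kept.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, sep, value = line.partition(":")
        value = value.strip().strip('"')
        if not sep or not value:
            continue  # blank line or clause header such as "server:"
        if key in ("tls-upstream", "forward-tls-upstream"):
            tls_on = tls_on or value == "yes"
        elif key == "tls-cert-bundle":
            bundle = value
        elif key == "forward-addr":
            addrs.append(value)
    if not tls_on:
        return ["TLS to upstreams is not enabled"]
    findings = []
    if not bundle:
        findings.append("tls-cert-bundle unset: no CA bundle configured for upstream verification")
    for addr in addrs:
        m = ADDR_RE.match(addr)
        if m is None:
            findings.append(f"{addr}: unparseable forward-addr")
        elif not m.group("name"):
            findings.append(f"{m.group('ip')}: no #auth-name, certificate name not checked")
    return findings


if __name__ == "__main__":
    for finding in audit_tls_forwarders(SAMPLE_CONF):
        print(finding)
```

A configuration that passes this check still gets no name verification on a build that logs the error quoted above, since that message says the name was ignored.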