Enabling SSL/TLS in unbound, results in error SSL_write
-
Hi,
Can someone please give me a bit of guidance on how to solve, or where to look to solve, this error that I'm finding in the DNS Resolver log file?
Error is:
It started to happen after I enabled "Use SSL/TLS for outgoing DNS Queries to Forwarding Servers" in DNS resolver. Disabling it resolves the issue, but that's not ideal. I'm using Cloudflare & OpenDNS for upstream DNS servers, and both support it. Also, according to the states log, all DNS queries are going to 853. I don't have any traffic for port 53 going out.
Currently running ver 22.05, and pfblockerng-devel _11.
Many thanks,
-
(solved)
Not sure how it was solved, but I no longer have this error showing up. Upgraded to 23.01 & pfblockerng_devel_20, and noticed that DNSSEC Support is unchecked. Perhaps I had it checked, and it wasn't playing nicely with pfblocker & resolver. But all is sorted now, working without any errors.
-
@tigo said in Enabling SSL/TLS in unbound, results in error SSL_write:
noticed that DNSSEC Support is unchecked. Perhaps, I had it checked, and it wasn't playing nicely with pfblocker & resolver
DNSSEC can only be done if unbound is resolving.
When you forward, you have to trust the upstream resolvers (in your case: Cloudflare & OpenDNS).