Unbound and encryption


#1

Expected Behaviour:

better security when visiting https://rootcanary.org/test.html

Actual Behaviour:

lots of unlocks on page, other posts I have seen have lots of locks, unsure what to do.

running FTLDNS with unbound on a pi2 raspbian stretch. router is a DD-WRT installed Linksys EA8500.

passes dnssec test http://dnssec.vs.uni-due.de/

I think I found the Fix:

However, this talks to me as if I’m at the level of someone that’s competent. Can someone help me with this? Maybe make one of those awesome pi-hole guides for dummies like me?


#2

Do you know this guide?

Pi-hole as All-Around DNS Solution

It contains

Configure unbound

Highlights:

- Listen only for queries from the local Pi-hole installation (on port 5353)
- Listen for both UDP and TCP requests
- Verify DNSSEC signatures, discarding BOGUS domains
- Apply a few security and privacy tricks
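
What "Verify DNSSEC signatures, discarding BOGUS domains" looks like on the wire, as an added example that is not part of this thread or of the guide: a validating resolver sets the AD flag on answers it has verified and returns SERVFAIL for data that fails validation. The function names and sample headers are constructed for illustration; port 5353 is the one quoted above.

```python
import socket
import struct

# DNS header flag bits: QR (RFC 1035), AD and CD (RFC 4035).
QR, AD, CD = 0x8000, 0x0020, 0x0010

def build_query(name: str, qid: int = 0x1234) -> bytes:
    """A query with RD and AD set, plus an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!6H", qid, 0x0100 | AD, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!2H", 1, 1)                # QTYPE=A, QCLASS=IN
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x8000, 0)  # DO flag in the TTL field
    return header + question + opt

def classify(response: bytes) -> str:
    """Say what a response header reveals about DNSSEC validation."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & QR:
        raise ValueError("not a response")
    if flags & CD:
        return "unchecked"      # validation was switched off for this query
    if (flags & 0x000F) == 2:
        return "servfail"       # a validator's answer for BOGUS data (or any other failure)
    if flags & AD:
        return "validated"      # resolver checked the signature chain
    return "not-validated"      # unsigned zone, or resolver does not validate

def ask(name: str, server: str = "127.0.0.1", port: int = 5353) -> str:
    """Live check against the local unbound (needs it running; not used below)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3.0)
        s.sendto(build_query(name), (server, port))
        return classify(s.recvfrom(4096)[0])

def header(flags: int, ancount: int) -> bytes:
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

# Constructed response headers (not captured traffic).
SAMPLES = {
    "signed name, valid chain": header(0x81A0, 1),
    "signed name, broken signature": header(0x8182, 0),
    "unsigned name": header(0x8180, 1),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {classify(raw)}")
```

With unbound running, `ask()` on a correctly signed name should return "validated" and on a deliberately mis-signed test name "servfail".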


#3

Yes, followed that guide, it’s how I got unbound installed. DNSSEC passes. However, from what I gather, unbound isn’t verifying certification, so theoretically you can spoof the certificate and DNSSEC will be useless.


#5

https://rootcanary.org/test.html is a bit strange, sometimes I have to run the test a second time. But I guess the button “Re-run test” doesn’t solve your issue?

You also can try to switch the setting “Use DNSSEC” in the Pi-hole web interface (tab “DNS”).


#6

Unfortunately no, and neither did a DNS flush. DNSSEC is enabled and working.


#7

The DNSSEC result on the following sites is ok too?

https://internet.nl/connection/
http://www.dnssec-or-not.com/
https://cmdns.dev.dns-oarc.net/


#8

Yes, it works on those sites. DNSSEC is working.

