[getdns-users] A question on stubby

A. Schulze sca at andreasschulze.de
Wed Apr 19 14:37:12 CEST 2017


xmgao:

> Thanks. But you do not include the 'tls_authentication:  
> GETDNS_AUTHENTICATION_REQUIRED' field in the stubby.conf file.

you're right!

without "tls_authentication: GETDNS_AUTHENTICATION_REQUIRED"
I may provide a wrong tls_auth_name or tls_pubkey_pinset/value
and stubby will still answer my queries!

unfortunately stubby does not complain about authentication failures.

for the archive: the better stubby.conf:

      { resolution_type: GETDNS_RESOLUTION_STUB
      , dns_transport_list: [ GETDNS_TRANSPORT_TLS ]
      , tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
      , upstream_recursive_servers:
        [ { address_data: 2a00:e50:f15c:1000::2:53
          , tls_auth_name: "yeti-rr.datev.net"
          , tls_pubkey_pinset:
            [ { digest: "sha256"
              , value: QFWn+jgr2FfkRjCw8J77QJbChem3FUGwi9Ntp67SnVg=
            } ]
         } ]
      , idle_timeout: 10000
      }

$ man stubby.conf
No manual entry for stubby.conf

without documentation such errors may happen ...

Andreas
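
An added example, not part of the original post and not code from the getdns project: a small Python check for the failure mode described above, where tls_auth_name or a pinset is configured but never enforced. The function name and finding labels are hypothetical; GOOD reproduces the config from the post, and the other inputs are constructed variants of it.

```python
import base64
import re

# The "better" config from the post, reproduced as input.
GOOD = """\
{ resolution_type: GETDNS_RESOLUTION_STUB
, dns_transport_list: [ GETDNS_TRANSPORT_TLS ]
, tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
, upstream_recursive_servers:
  [ { address_data: 2a00:e50:f15c:1000::2:53
    , tls_auth_name: "yeti-rr.datev.net"
    , tls_pubkey_pinset:
      [ { digest: "sha256"
        , value: QFWn+jgr2FfkRjCw8J77QJbChem3FUGwi9Ntp67SnVg=
      } ]
   } ]
, idle_timeout: 10000
}
"""
# Constructed variants: enforcement line removed, and a truncated pin.
WEAK = GOOD.replace(", tls_authentication: GETDNS_AUTHENTICATION_REQUIRED\n", "")
BAD_PIN = GOOD.replace("QFWn+jgr2FfkRjCw8J77QJbChem3FUGwi9Ntp67SnVg=",
                       "QFWn+jgr2FfkRjCw8J77QJbChem3FUGw")

def audit_stubby_conf(text):
    """Return a list of finding labels (hypothetical names) for a stubby.conf string."""
    findings = []
    # Auth name or pinset present, but authentication not set to REQUIRED:
    # the values are configured yet a mismatch does not stop resolution.
    has_material = re.search(r"\btls_(auth_name|pubkey_pinset)\s*:", text)
    auth = re.search(r"\btls_authentication\s*:\s*(\w+)", text)
    if has_material and not (auth and auth.group(1) == "GETDNS_AUTHENTICATION_REQUIRED"):
        findings.append("auth-not-required")
    # A transport list that names anything besides TLS allows cleartext fallback.
    transports = re.search(r"\bdns_transport_list\s*:\s*\[([^\]]*)\]", text)
    if transports and set(re.findall(r"\w+", transports.group(1))) - {"GETDNS_TRANSPORT_TLS"}:
        findings.append("transport-fallback")
    # A sha256 pin must base64-decode to exactly 32 bytes, or it can never match.
    pins = re.findall(r'digest\s*:\s*"(\w+)"\s*,\s*value\s*:\s*"?([A-Za-z0-9+/=]+)"?', text)
    for digest, value in pins:
        try:
            raw = base64.b64decode(value, validate=True)
        except ValueError:
            raw = b""
        if digest == "sha256" and len(raw) != 32:
            findings.append("bad-pin")
    return findings

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("WEAK", WEAK), ("BAD_PIN", BAD_PIN)):
        print(name, audit_stubby_conf(conf))
```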


