diff --git a/.gitignore b/.gitignore index 85d16822..577182ac 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,9 @@ !.pre-commit-config.yaml !.reuse +# Certificates (unlikely to happen, but better safe than sorry) +*.pem + # Symlinks install.run LICENSE diff --git a/etc/unbound/unbound.conf.d/doh-local.sample b/etc/unbound/unbound.conf.d/doh-local.sample new file mode 100644 index 00000000..e471f1ea --- /dev/null +++ b/etc/unbound/unbound.conf.d/doh-local.sample @@ -0,0 +1,9 @@ +# semanage port -a -t dns_port_t -p tcp 4433 +interface: ::1@53 +interface: 127.0.0.1@53 +interface: ::1@4433 +interface: 127.0.0.1@4433 +https-port: 4433 +#http-notls-downstream: yes +tls-service-key: /etc/unbound/conf.d/unbound.pem +tls-service-pem: /etc/unbound/conf.d/unbound.pem