Multi-domain same SSL certificate: unbound as a DoT server issue
Dear team, good day. I have 3 domains on the same server, all included in one multi-domain Positive Comodo SSL certificate, and the server has one static IP. The domain-insecure feature is not excluding connections to the main domain, and TLS connects to both domains.

To reproduce:

1. Set up a domain and a subdomain, e.g. www.example.com and dns.example.com.
2. Install the multi-domain SSL certificate covering www.example.com and dns.example.com.
3. Set up an unbound DoT server with the TLS certificate on port 853.
4. Add the domain-insecure parameter and define www.example.com as insecure.
Expected behavior:

Query DNS over TLS on www.example.com: unbound still accepts the connection for this domain, as it is already included in the certificate chain. I should only be able to connect to dns.example.com. Or maybe I got it wrong and shouldn't have labeled this as a bug! Please feel free to correct me, thank you!
System:
- Unbound version: 1.13.1
- OS: Ubuntu 21.10
- `unbound -V` output:

```text
Version 1.13.1
Configure line: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --libexecdir=${prefix}/lib/x86_64-linux-gnu --disable-maintainer-mode --disable-dependency-tracking --disable-rpath --with-pidfile=/run/unbound.pid --with-rootkey-file=/var/lib/unbound/root.key --with-libevent --with-libnghttp2 --with-pythonmodule --enable-subnet --enable-dnstap --enable-systemd --with-chroot-dir= --with-dnstap-socket-path=/run/dnstap.sock --libdir=/usr/lib
Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 1.1.1l 24 Aug 2021
Linked modules: dns64 python subnetcache respip validator iterator
BSD licensed, see LICENSE in source package for details.
Report bugs to [email protected] or https://github.com/NLnetLabs/unbound/issues
```
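The setup described in the reproduce steps, written out as an added Unbound configuration example; it is not the reporter's configuration and not something from the Unbound project, and the file paths, the listen address, the client network and the example hostnames are assumptions. It separates the two settings the report conflates: `interface`, `tls-port`, `tls-service-pem` and `tls-service-key` make Unbound terminate TLS on port 853 with the single certificate it is given, and that certificate's subjectAltName list (here both www.example.com and dns.example.com) is what a client validates against whichever name it connected with, so Unbound has no per-hostname accept or reject on the TLS listener. `domain-insecure` belongs to the DNSSEC validator: it tells Unbound to treat the named zone as insecure (answers under it are accepted without a chain of trust) and has no effect on TLS at all.

```conf
server:
    # Listen for DNS-over-TLS on all IPv4 addresses (assumption: 0.0.0.0)
    # on the standard DoT port 853.
    interface: 0.0.0.0@853
    tls-port: 853

    # Multi-domain certificate and its private key (paths are assumptions).
    # One certificate is presented for every connection; the names it covers
    # are fixed by its subjectAltName (assumed: www.example.com and
    # dns.example.com). Unbound does not refuse a connection based on which
    # of those names the client used in SNI or for certificate validation.
    tls-service-pem: "/etc/unbound/certs/fullchain.pem"
    tls-service-key: "/etc/unbound/certs/privkey.pem"

    # DNSSEC validation. domain-insecure only affects this part: answers
    # under www.example.com are accepted without a DNSSEC chain of trust.
    # It is not an access control and does not restrict TLS clients.
    module-config: "validator iterator"
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    domain-insecure: "www.example.com"

    # Restrict who may query the resolver over 853 (assumption: one client
    # network) rather than running an open resolver.
    access-control: 192.0.2.0/24 allow
```

If the intent is that only dns.example.com should be usable as the DoT endpoint, the lever is the certificate itself (issue one whose subjectAltName lists only dns.example.com), not `domain-insecure`.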