On 2025-01-15, Joel Carnat <j...@carnat.net> wrote:
> Hello,
>
> Playing with my local unbound(8) daemon regarding encrypted DNS queries,
> I could enable DoT (DNS-over-TLS) without issue. But when it came to DoH
> (DNS-over-HTTPS), it didn't work at all. To have DoH enabled, unbound(8)
> needs to be compiled with libnghttp2; which is available in ports but
> not in the system, AFAIK.
>
> Is there any work-in-progress to import libnghttp2 in the system and
> enable DoH in stock unbound(8)? Or is DoH not recommended as a stock
> feature?

No work in progress and I'd generally prefer not to do that.

I have thought about adding the daemon to ports net/libunbound a few
times but it's a bit awkward to have something in both base and ports
and have so far decided against it.

I would suggest front-ending with dnsdist instead, and run a DoH
listener there:

https://dnsdist.org/guides/dns-over-https.html

There is an h3 flavour of dnsdist if you want DNS-over-QUIC/HTTP3:

https://dnsdist.org/guides/dns-over-http3.html
https://dnsdist.org/guides/dns-over-quic.html

-- 
Please keep replies on the mailing list.
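
A sketch of the front-end arrangement suggested in the reply above, as an added example that is not part of the original thread or of either project's documentation. It is a dnsdist configuration (Lua) with a DoH listener in front of the base unbound(8); the addresses, port 5353, hostname and certificate paths are constructed placeholders.

```lua
-- dnsdist.conf (constructed example; every address and path is a placeholder)

-- Backend: the base-system unbound(8), assumed to be reconfigured to listen
-- only on loopback port 5353 so it is reachable through dnsdist alone.
newServer({address="127.0.0.1:5353", name="unbound"})

-- unbound now sees every query as coming from 127.0.0.1, so its own
-- access-control rules can no longer tell clients apart. Client filtering
-- therefore has to happen here. setACL() replaces the default ACL;
-- anything not listed is dropped.
setACL({"127.0.0.0/8", "192.0.2.0/24"})

-- DoH listener: HTTPS on 443, queries accepted on the /dns-query path.
-- The private key should be readable only by the user dnsdist runs as.
addDOHLocal("192.0.2.1:443",
            "/etc/ssl/dns.example.org.fullchain.pem",
            "/etc/ssl/private/dns.example.org.key",
            "/dns-query")

-- Optional: terminate DoT in the same place, so all TLS handling
-- (certificates, ciphers, renewals) lives in one daemon.
addTLSLocal("192.0.2.1:853",
            "/etc/ssl/dns.example.org.fullchain.pem",
            "/etc/ssl/private/dns.example.org.key")
```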