DNS over HTTPS in Unbound – Extra step for a home lab

It looks like I need to add some extra steps to get my new Unbound DNS server working with HTTPS. Let me show you how to do it.

First let’s generate some certificates:

  • Create your own root CA key:
    $ openssl genrsa -des3 -out myCA.key 2048
  • Generate the root CA certificate:
    $ openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
  • Create a CSR for the DoH server:
    $ openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr
  • Request the new certificate, signed by your CA:
    $ openssl x509 -req -in mydomain.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out mydomain.pem -days 1825 -sha256
  • Move your certificates to the /etc/ssl folder:
    $ mv *.pem /etc/ssl/
  • Install nghttp2:
    $ tdnf install nghttp2
  • Enable DoH by editing /etc/unbound/unbound.conf and adding this line:
    tls-cert-bundle: "/etc/ssl/mydomain.pem"
  • Restart unbound.
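
The steps above as one non-interactive script, added here as an example and not part of the original post: it signs the server certificate with a subjectAltName (modern DoH clients reject certificates without one), checks that the result chains to the lab CA, and prints the Unbound directives that actually serve DoH (tls-service-key/tls-service-pem with an interface on https-port; tls-cert-bundle is the CA bundle Unbound uses to validate upstream TLS peers, not the serving certificate). The hostname dns.lab.example, the CA passphrase and the output directory are assumptions.

```shell
#!/bin/sh
# Added example: lab CA + DoH server certificate + Unbound serving config.
set -eu

DOH_HOST="${DOH_HOST:-dns.lab.example}"    # assumed hostname of the resolver
CA_PASS="${CA_PASS:-change-me-lab-only}"   # assumed passphrase protecting the CA key

# Create the CA key and self-signed CA cert, then a server key/CSR signed by that CA.
gen_certs() {   # $1 = output directory
  d="$1"
  openssl genrsa -aes256 -passout "pass:$CA_PASS" -out "$d/myCA.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$d/myCA.key" -passin "pass:$CA_PASS" -sha256 -days 1825 \
    -subj "/CN=Home Lab Root CA" -out "$d/myCA.pem"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/mydomain.key" \
    -subj "/CN=$DOH_HOST" -out "$d/mydomain.csr" 2>/dev/null
  # x509 -req drops CSR extensions, so the SAN has to be supplied via -extfile.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$DOH_HOST" > "$d/san.cnf"
  openssl x509 -req -in "$d/mydomain.csr" -CA "$d/myCA.pem" -CAkey "$d/myCA.key" \
    -passin "pass:$CA_PASS" -CAcreateserial -extfile "$d/san.cnf" \
    -days 1825 -sha256 -out "$d/mydomain.pem" 2>/dev/null
}

# Returns 0 only if the server cert chains to myCA.pem and names the DoH host.
verify_cert() {   # $1 = directory holding myCA.pem and mydomain.pem
  openssl verify -CAfile "$1/myCA.pem" "$1/mydomain.pem" >/dev/null 2>&1 &&
  openssl x509 -in "$1/mydomain.pem" -noout -text | grep -q "DNS:$DOH_HOST"
}

# Unbound serves DoH from tls-service-key/-pem on the https-port interface.
# The key file must live next to the certificate, so move mydomain.key too.
unbound_doh_config() {   # $1 = directory where mydomain.key and mydomain.pem live
  cat <<EOF
server:
    interface: 0.0.0.0@53
    interface: 0.0.0.0@443
    https-port: 443
    tls-service-key: "$1/mydomain.key"
    tls-service-pem: "$1/mydomain.pem"
    # CA bundle for validating upstream DoT/DoH peers, only if you forward over TLS:
    # tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
EOF
}

# Usage: sh doh-lab.sh /etc/ssl   (generate, verify, then print the config to paste)
if [ "${1:-}" != "" ]; then
  gen_certs "$1" && verify_cert "$1" && unbound_doh_config "$1"
fi
```

Run `unbound-checkconf` after pasting the output into unbound.conf, and import myCA.pem into the client's trust store so the self-signed chain is accepted.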
Subscribe to my channel! https://bit.ly/3vY16CT

Please like and share to spread the knowledge in the community.

If you want to chat with me please use Twitter: @AngrySysOps

Join my VMware Knowledge Base Group: https://bit.ly/3w54tbc

Visit my FB page: https://www.facebook.com/AngrySysOps

Read my blog: https://angrysysops.com

Please leave a comment.