Posted on Thu 18 February 2021

how to add DNS over TLS to your existing DNS server

I will assume you have a working DNS server listening on the default port, 53, and that you have certbot or some other means of acquiring TLS certificates.

  • Install stunnel4

  • Create a config file in /etc/stunnel4/dns.conf

pid = /var/run/stunnel4/stunnel.pid

[dns]
accept = 853
accept = :::853
connect = 127.0.0.1:53
cert = /etc/letsencrypt/live/randomstring.org/fullchain.pem
key = /etc/letsencrypt/live/randomstring.org/privkey.pem

Substitute the paths of your own TLS certificate (full chain) and private key.

  • Start stunnel4.
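To confirm the new listener end to end, here is an added example (my own check, not code from the original post). One point the setup relies on: stunnel only terminates TLS and forwards the decrypted bytes to 127.0.0.1:53 over TCP, so the DNS server behind it must answer TCP queries, and what travels inside the TLS session is plain DNS-over-TCP, each message prefixed with a two-byte length (RFC 1035, reused by RFC 7858 for DNS over TLS). The script builds such a framed query, sends it over a verified TLS connection on port 853 and checks that the answer echoes the query ID with QR set and RCODE NOERROR. The server address, the SNI name (randomstring.org is taken from the certificate path in the config above) and the looked-up name are placeholders you pass on the command line; the sample response at the bottom is constructed so the framing and validation helpers can be exercised without a network.

```python
"""Exercise a DNS-over-TLS listener such as the stunnel service configured above.

Inside the TLS session the payload is ordinary DNS-over-TCP: a two-byte
big-endian length followed by the DNS message.  The helpers below build,
frame and validate such messages; query_dot() puts them on the wire.
"""
import socket
import ssl
import struct


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Minimal DNS query: header (RD set, one question) + QNAME + QTYPE/QCLASS IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [label for label in name.rstrip(".").split(".") if label]
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)


def frame_tcp(message: bytes) -> bytes:
    """Add the two-byte length prefix used by DNS over TCP, and therefore by DoT."""
    return struct.pack(">H", len(message)) + message


def unframe_tcp(data: bytes) -> bytes:
    """Remove the length prefix, rejecting frames whose prefix disagrees with the payload."""
    if len(data) < 2:
        raise ValueError("frame shorter than its length prefix")
    (length,) = struct.unpack(">H", data[:2])
    if len(data) - 2 != length:
        raise ValueError(f"length prefix {length} but {len(data) - 2} payload bytes")
    return data[2:]


def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into its fields."""
    if len(message) < 12:
        raise ValueError("message shorter than DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", message[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def response_matches(query: bytes, response: bytes) -> bool:
    """A usable answer echoes the query ID, has QR set and RCODE 0 (NOERROR)."""
    q, r = parse_header(query), parse_header(response)
    return r["id"] == q["id"] and r["qr"] and r["rcode"] == 0


def _recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes; TCP may deliver a DNS message in several pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before the full message arrived")
        buf += chunk
    return buf


def query_dot(server: str, name: str, sni: str, port: int = 853, timeout: float = 5.0) -> dict:
    """Send one query over TLS to server:port and return the parsed response header.

    The default SSL context verifies the chain against the system CA store and
    checks the certificate name against `sni`, so a wrong or expired certificate
    fails here just as it would for a real DoT client.
    """
    ctx = ssl.create_default_context()
    query = build_query(name)
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            tls.sendall(frame_tcp(query))
            (length,) = struct.unpack(">H", _recv_exact(tls, 2))
            response = _recv_exact(tls, length)
    if not response_matches(query, response):
        raise ValueError("response does not match query: %r" % parse_header(response))
    return parse_header(response)


# Constructed sample (not captured traffic): a plausible answer to the query
# above, an A record for example.org pointing at 192.0.2.1 (a documentation
# address), so the helpers can be checked offline.
SAMPLE_QUERY = build_query("example.org")
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # QR, RD, RA, NOERROR, 1 question, 1 answer
    + SAMPLE_QUERY[12:]                                   # question section echoed back
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4)   # pointer to QNAME, type A, IN, TTL, RDLENGTH
    + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    import sys
    # Usage: python dot_check.py <server-ip> <sni-hostname> [name-to-look-up]
    server, sni = sys.argv[1], sys.argv[2]
    name = sys.argv[3] if len(sys.argv) > 3 else sni
    print(query_dot(server, name, sni))
```

Run it once against the IPv4 address and once against the IPv6 address to cover both accept lines; a certificate problem surfaces as an ssl.SSLCertVerificationError before any DNS bytes are exchanged, and a backend that only speaks UDP shows up as a connection that is accepted by stunnel but never answers.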

-30-


© -dsr-. Send feedback or comments via email — by continuing to use this site you agree to certain terms and conditions.