Posted on Thu 18 February 2021
I will assume you have a working DNS server listening on the default port, 53, and that you have certbot or some other means of acquiring SSL certs.
- Install stunnel4.
- Create a config file in /etc/stunnel4/dns.conf:

```
pid = /var/run/stunnel4/stunnel.pid
[dns]
accept = 853
accept = :::853
connect = 127.0.0.1:53
cert = /etc/letsencrypt/live/randomstring.org/fullchain.pem
key = /etc/letsencrypt/live/randomstring.org/privkey.pem
```

Substitute the locations of an appropriate SSL cert and key.
- Start stunnel4.
-30-