I will assume you have a working DNS server listening on the default port, 53, and that you have certbot or some other means of acquiring SSL certs.
Create a config file in
pid = /var/run/stunnel4/stunnel.pid [dns] accept = 853 accept = :::853 connect = 127.0.0.1:53 cert = /etc/letsencrypt/live/randomstring.org/fullchain.pem key = /etc/letsencrypt/live/randomstring.org/privkey.pem
Substitute the locations of an appropriate SSL cert and key.
- Start stunnel4.