Posted on Thu 18 February 2021

how to add DNS/TLS to your existing DNS server

I will assume you have a working DNS server listening on the default port, 53, and that you have certbot or some other means of acquiring SSL certs.

  • Install stunnel4

  • Create a config file in /etc/stunnel4/dns.conf

pid = /var/run/stunnel4/

accept = 853
accept = :::853
connect =
cert = /etc/letsencrypt/live/
key = /etc/letsencrypt/live/

Substitute the locations of an appropriate SSL cert and key.

  • Start stunnel4.


© -dsr-. Send feedback or comments via email — by continuing to use this site you agree to certain terms and conditions.

Built using Pelican. Derived from the svbhack theme by Giulio Fidente on github.