Posted on Thu 18 February 2021

how to add DNS/TLS to your existing DNS server

I will assume you have a working DNS server listening on the default port, 53, and that you have certbot or some other means of acquiring SSL certs.

  • Install stunnel4

  • Create a config file in /etc/stunnel4/dns.conf

pid = /var/run/stunnel4/stunnel.pid

[dns]
accept = 853
accept = :::853
connect = 127.0.0.1:53
cert = /etc/letsencrypt/live/randomstring.org/fullchain.pem
key = /etc/letsencrypt/live/randomstring.org/privkey.pem

Substitute the locations of an appropriate SSL cert and key.

  • Start stunnel4.

-30-

