Comment 9 for bug 1927877

Athos Ribeiro (athos-ribeiro) wrote :

The patch proposed at

https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/unbound/+git/unbound/+merge/405055

enables DoH for unbound.

The change can be tested using the upstream test "dohclient". One possible way of reproducing the bug and verifying the changes follows:

Create the testing binary:

$ git ubuntu clone unbound
$ cd unbound
$ ./configure --with-libnghttp2
$ make dohclient

Install unbound:

# apt-get install unbound

Configure unbound by appending the following to /etc/unbound/unbound.conf:

server:
 interface: 127.0.0.1@443
 tls-service-key: "/etc/unbound/unbound_server.key"
 tls-service-pem: "/etc/unbound/unbound_server.pem"
 https-port: 443

Restart unbound:
$ systemctl restart unbound

Test DoH support:
$ ./dohclient -s 127.0.0.1 nlnetlabs.nl AAAA IN

Which outputs:
> nghttp2 session mem_recv failed

Finally, install the fixed package, as proposed in the linked MP, restart unbound, and verify DoH support again:
$ ./dohclient -s 127.0.0.1 nlnetlabs.nl AAAA IN

Which outputs a proper response, including
> :status 200

which should confirm the fix.
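
Added example, not part of the comment above and not code from the unbound project: a small checker for the configuration side of this test, so that a failing dohclient run is not mistaken for a configuration mistake. It relies on unbound's documented behaviour that DoH is served only on interfaces whose @port equals https-port (default 443); the function names are hypothetical and include: files are not followed.

```python
import re

# Constructed sample: the fragment appended to unbound.conf in the comment.
SAMPLE_CONF = '''\
server:
 interface: 127.0.0.1@443
 tls-service-key: "/etc/unbound/unbound_server.key"
 tls-service-pem: "/etc/unbound/unbound_server.pem"
 https-port: 443
'''

def parse_server_options(text):
    """Collect 'key: value' options found inside server: clauses."""
    opts, in_server = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value == "":                          # clause header, e.g. "server:"
            in_server = (key == "server")
        elif in_server:
            opts.setdefault(key, []).append(value)
    return opts

def doh_config_problems(text):
    """Return a list of reasons why this config cannot serve DoH."""
    opts = parse_server_options(text)
    problems = []
    # The last occurrence wins; 443 is unbound's default https-port.
    https_port = opts.get("https-port", ["443"])[-1]
    # The TLS key and certificate are needed for the HTTPS listener.
    for key in ("tls-service-key", "tls-service-pem"):
        if key not in opts:
            problems.append(f"{key} is not set")
    # Only interfaces declared as addr@<https-port> get the HTTPS service.
    ports = [i.rsplit("@", 1)[1] for i in opts.get("interface", []) if "@" in i]
    if https_port not in ports:
        problems.append(f"no interface listens on @{https_port}")
    return problems

if __name__ == "__main__":
    issues = doh_config_problems(SAMPLE_CONF)
    print("config OK for DoH" if not issues else "\n".join(issues))
```

An empty result covers the configuration only; whether the installed unbound binary can actually speak DoH is what the dohclient run checks.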