Unbound DoH port 443, Port to forward DoH traffic to SSH tunneling and SOCKS #1219
Comments
|
If you are looking for discussion, there is a user mailing list for having conversation. It is on https://nlnetlabs.nl/projects/unbound/about/ at the 'Mailing List' link. That links to https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users . That is a place for user conversation. Unbound does not have the option 'proxy-out'. Also not outgoing DoH traffic. That would also not be needed because it goes to the VM via a SSH connection. Useful to configure is the option To direct the upstream traffic from Unbound to a particular traffic route, the line It may be possible to set unbound to use a Unbound can support DoH traffic on any port number you want to configure. Also for DNS TCP traffic, that can be on any port number you like. |
This is about previous closed post #1216
I was using Google to search and the results stated previously were from Generative AI.
I would say this issue is not really a bug or a problem. It is more of an inquiry into how any attributes can be added to unbound.conf to forward the DoH traffic through SSH tunneling. I didn't see a discussion forum to post inquiries.
There is a reply from here https://superuser.com/questions/1811267/does-dns-over-https-hide-domain-name-of-websites-from-packet-analyzers about VPN. I would prefer not to use a commercial VPN to hide and mask my traffic. Creating SSH tunneling and SOCKS is actually creating one's own VPN. The SOCKS settings are on the Librewolf side, the SSH tunneling is to forward the traffic to the Virtual Machine.
So when I use dnscheck.tools and dnsleaktest.com to check for my ISP IP, it should say the Virtual Machine's IP and not my ISP IP.
This could be an issue out of scope as to what Unbound is offering to users, but I installed Unbound on my PC running Linux Mint 22 and now wanting to see how unbound.conf could be configured to forward the DoH traffic through SSH tunneling to the Virtual Machine.
The below stated previously from Google Generative AI seems to be similar to forwarding the Unbound DoH traffic through the SSH tunneling and SOCKS:
To direct Unbound DNS-over-HTTPS (DoH) traffic through an SSH tunneling port, configure your system to use a SOCKS proxy on the SSH tunnel's local port, then set Unbound to use that SOCKS proxy for outbound DoH connections by specifying it in the "proxy-out" option within your Unbound configuration file; essentially, all DoH requests will be routed through the SSH tunnel.
Key steps:
Establish SSH Tunnel with SOCKS Proxy:
• Open an SSH connection to your remote server using the -D flag to enable dynamic port forwarding.
• Example command: ssh -D 8888 user@server
• This creates a SOCKS proxy accessible on port 8888 on your local machine.
Configure Unbound:
• Edit your Unbound configuration file (usually located at /etc/unbound/unbound.conf)
• Add the following line under the "interface:" section to specify the SOCKS proxy => proxy-out: 127.0.0.1:8888;socks
• Important: Ensure your firewall rules allow outbound traffic on port 8888.
• Restart Unbound:
• Restart the Unbound service to apply the changes.
There are 2 ports Unbound uses; they are ports 53 (HTTP) and 443 (DoH-HTTPS).
Using port 443 to SSH could interfere with regular HTTPS traffic on the same port; it's generally better to use a separate port for SSH tunneling. This is something also from Google Generative AI :).
I was asking about what port number to use, but I guess any HTTPS port could be tested. Would you happen to know what port would be for this and what would you suggest about this inquiry?
Since you have experience with Unbound and thorough knowledge of the attributes, what other attributes would be required besides this one, "https-port: ", to forward traffic to SSH tunneling?
Thanks for taking the time out of your busy schedule to read and reply to my inquiries :)!
The text was updated successfully, but these errors were encountered: