[Pdns-users] Recursor forwarder DoT configuration
b.candler at pobox.com
Fri Sep 8 14:59:59 UTC 2023
On 08/09/2023 15:50, Christoph via Pdns-users wrote:
> - does it validate the server certificate? how do I configure the name
> when performing certificate verification?
Not answering your questions about PDNS recursor specifically, but I'll
just point out that 18.104.22.168:853 and 22.214.171.124:853 both have valid signed
certificates with IP SANs, so certificate validation can be performed
with IP address only.
$ openssl s_client -connect 126.96.36.199:853
Verify return code: 0 (ok)
Decoding the certificate with openssl x509 -noout -text:
X509v3 Subject Alternative Name:
DNS:one.one.one.one, IP Address:188.8.131.52, IP Address:184.108.40.206, IP
Address:220.127.116.11, IP Address:18.104.22.168, IP
Address:2606:4700:4700:0:0:0:0:64, IP Address:2606:4700:4700:0:0:0:0:6400
For the same reason, using https://22.214.171.124/ in your browser also works.
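
Added example (not part of the original message, and not PowerDNS code): a small check that a forwarder's IP address is listed as an IP Address entry in the Subject Alternative Name text printed by openssl x509 -noout -text, comparing addresses numerically so the expanded IPv6 form openssl prints matches the compressed form usually written in configuration. The names parse_san and ip_covered are hypothetical, and the sample certificate text is constructed with documentation addresses.

```python
import ipaddress
import re

# Constructed sample in the layout "openssl x509 -noout -text" prints, with
# one entry wrapped mid-way as a mail client would. Addresses are from the
# documentation ranges, not from any real certificate.
SAMPLE_TEXT = """\
            X509v3 Subject Alternative Name:
                DNS:resolver.example, IP Address:192.0.2.53, IP
Address:2001:DB8:0:0:0:0:0:53
            X509v3 Key Usage: critical
                Digital Signature
"""

ENTRY = re.compile(r"(?:critical )?(DNS|IP Address):(\S+)(.*)")


def parse_san(text):
    """Return (dns_names, ip_addresses) found in the SAN extension."""
    _, found, rest = text.partition("X509v3 Subject Alternative Name:")
    dns, ips = [], []
    if not found:
        return dns, ips
    for raw in rest.split(","):
        entry = " ".join(raw.split())      # undo line wrapping and indentation
        m = ENTRY.match(entry)
        if not m:
            break
        kind, value, tail = m.groups()
        if kind == "DNS":
            dns.append(value.lower())
        else:
            # ip_address() normalises 2001:DB8:0:0:0:0:0:53 to 2001:db8::53
            ips.append(ipaddress.ip_address(value))
        if tail:                            # text of the next extension follows
            break
    return dns, ips


def ip_covered(forwarder_ip, text):
    """True only if forwarder_ip equals an IP Address entry; DNS entries
    are never used to satisfy an IP address."""
    return ipaddress.ip_address(forwarder_ip) in parse_san(text)[1]


if __name__ == "__main__":
    for addr in ("192.0.2.53", "2001:db8::53", "192.0.2.54"):
        print(addr, ip_covered(addr, SAMPLE_TEXT))
```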