[Pdns-users] Recursor forwarder DoT configuration

Brian Candler b.candler at pobox.com
Fri Sep 8 14:59:59 UTC 2023

On 08/09/2023 15:50, Christoph via Pdns-users wrote:
> - does it validate the server certificate? how do I configure the name 
> when performing certificate verification? 

Not answering your questions about PDNS recursor specifically, but I'll 
just point out that and both have valid signed 
certificates with IP SANs, so certificate validation can be performed 
with IP address only.

$ openssl s_client -connect
     Verify return code: 0 (ok)

Decoding the certificate with openssl x509 -noout -text:

             X509v3 Subject Alternative Name:
                 DNS:cloudflare-dns.com, DNS:*.cloudflare-dns.com, 
DNS:one.one.one.one, IP Address:, IP Address:, IP 
Address:, IP Address:, IP 
Address:2606:4700:4700:0:0:0:0:1001, IP 
Address:2606:4700:4700:0:0:0:0:1111, IP 
Address:2606:4700:4700:0:0:0:0:64, IP Address:2606:4700:4700:0:0:0:0:6400

For the same reason, using in your browser also works.

More information about the Pdns-users mailing list