Unbound unable to verify CN

I am using Cloudflare’s DoT, and it prompts the error: `SSL_handshake syscall: Connection reset by peer`. I delete `Verify CN` and it works normally. Why is this?

Thanks in advance.

before log:

<30>1 2022-02-01T00:16:52+08:00 OPNsense.localdomain unbound 80197 - [meta sequenceId="1"] [80197:0] info: 192.168.163.1 google.com. A IN
<30>1 2022-02-01T00:16:52+08:00 OPNsense.localdomain unbound 80197 - [meta sequenceId="2"] [80197:0] info: resolving google.com. A IN
<30>1 2022-02-01T00:16:53+08:00 OPNsense.localdomain unbound 80197 - [meta sequenceId="3"] [80197:0] info: response for google.com. A IN
<30>1 2022-02-01T00:16:53+08:00 OPNsense.localdomain unbound 80197 - [meta sequenceId="4"] [80197:0] info: reply from <.> 1.1.1.1#853
<30>1 2022-02-01T00:16:53+08:00 OPNsense.localdomain unbound 80197 - [meta sequenceId="5"] [80197:0] info: query response was ANSWER
<30>1 2022-02-01T00:16:53+08:00 OPNsense.localdomain unbound 80197 - [meta sequenceId="6"] [80197:0] info: 192.168.163.1 google.com. AAAA IN

after log:

<30>1 2022-02-01T00:19:11+08:00 OPNsense.localdomain unbound 89309 - [meta sequenceId="1"] [89309:0] info: 192.168.163.1 google.com. A IN
<30>1 2022-02-01T00:19:11+08:00 OPNsense.localdomain unbound 89309 - [meta sequenceId="2"] [89309:0] info: resolving google.com. A IN
<27>1 2022-02-01T00:19:11+08:00 OPNsense.localdomain unbound 89309 - [meta sequenceId="3"] [89309:0] error: SSL_handshake syscall: Connection reset by peer
<30>1 2022-02-01T00:19:13+08:00 OPNsense.localdomain unbound 89309 - [meta sequenceId="4"] [89309:0] info: 192.168.163.1 google.com. AAAA IN
<30>1 2022-02-01T00:19:13+08:00 OPNsense.localdomain unbound 89309 - [meta sequenceId="5"] [89309:0] info: resolving google.com. AAAA IN
<30>1 2022-02-01T00:19:15+08:00 OPNsense.localdomain unbound 89309 - [meta sequenceId="6"] [89309:0] info: 192.168.163.1 google.com. A IN
<30>1 2022-02-01T00:19:17+08:00 OPNsense.localdomain unbound 89309 - [meta sequenceId="7"] [89309:0] info: 192.168.163.1 google.com. AAAA IN

Hi! I’m not sure, there’s not much information in the log. Maybe you can enable more verbose logging?
