Configs for IETF meetings.

Author: wkumari

ietf-configs/README.md

@@ -0,0 +1,9 @@
+# IETF configs
+
+## Description
+These are example DNS-over-TLS configs for IETF meetings.
+
+```
+stunnel.conf # The stunnel config we use on the servers.
+unbound.conf   # Unbound config for IETF.
+```

ietf-configs/stunnel.conf

@@ -0,0 +1,31 @@
+; stunnel configuration for dprive (DNS privacy) --sra 2017-07-14
+; See the stunnel man page for details on what all of this does.
+
+; Drop privs after starting
+setuid = stunnel
+setgid = stunnel
+
+; Where to find our TLS certificate and key.  The certificate is our
+; usual Let's Encrypt certificate, obtained using acme-tiny.
+
+cert = /path/to/certificate-chain.cer
+key  = /path/to/private.key
+
+; Apparently stunnel drops privs before writing the PID file, so
+; put the PID file in a directory where we have write permission.
+
+pid  = /var/run/stunnel/stunnel.pid
+
+; Now run the proxy itself.  Depending on the platform on which you're
+; running this, you may need one or both of these (netstat is your friend).
+; On FreeBSD, TCPv4 and TCPv6 are totally separate, so we need two sockets.
+; On Linux, the TCPv6 case may cover both.  On any platform, the exact
+; behavior may depend on sysctl settings or the like, so test your work.
+
+[dprive4]
+accept = 853
+connect = 53
+
+[dprive6]
+accept = :::853
+connect = 53onnect = 53

ietf-configs/unbound.conf

@@ -0,0 +1,13 @@
+# Experiment at IETF 99
+server:
+   tcp-upstream: yes
+   ssl-upstream: yes
+
+forward-zone:
+   name: "."
+   forward-addr: 2001:67c:370:229::6@853
+   forward-addr: 2001:67c:370:229::7@853
+   forward-first: no
+
+# Unbound does not authenticate the upstream so we don't add the keys!
+