Thank you for all your insight.
I have tested with one certificate that includes the separate dns64 domain as an alternative name, and it works fine.
It is simpler and just requires a unique certificate for dns64 and non dns64 for DoT and DoH.
So I will set that change in production first, and then I will be able to test version 6.x
--Bolemo
On 31 May 2024 at 20:36, Vladimír Čunát via knot-resolver-users <knot-resolver-users(a)lists.nic.cz> wrote:
> On 31/05/2024 19.00, oui.mages_0w(a)icloud.com wrote:
>> we have different TLS domains/certificates for dns64 and non dns64
>
> Oh, OK. Such a thing hasn't occurred to us, so it's not possible. In that case I expect you'll need to stay on 5.x for now, with separate processes for dns64 and non-dns64 (but they can share the cache). Overall I don't think the current code can support multiple certificates.