From 21a80121558155ef14eceb6a3b6c094076a33bdc Mon Sep 17 00:00:00 2001
From: deepend-tildeclub <58404188+deepend-tildeclub@users.noreply.github.com>
Date: Wed, 17 Sep 2025 14:34:03 -0600
Subject: [PATCH] Add TLS context for DNS over TLS/HTTPS

Added TLS context configuration for DoT/DoH with certificate and key file paths.
---
 named.conf | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/named.conf b/named.conf
index 64e67d56..9481cb2c 100644
--- a/named.conf
+++ b/named.conf
@@ -6,7 +6,15 @@
 //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local
 
+// TLS context for DoT/DoH
+tls "dns-tls" {
+ cert-file "/etc/bind/keys/dns-fullchain.pem";
+ key-file "/etc/bind/keys/dns-privkey.pem";
+ protocols { TLSv1.3 TLSv1.2; };
+ session-tickets no;
+};
+
 include "/etc/bind/named.conf.options";
 include "/etc/bind/named.conf.local";
 include "/etc/bind/named.conf.default-zones";
-include "/etc/bind/named.conf.opennic";
\ No newline at end of file
+include "/etc/bind/named.conf.opennic";
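Review bot: The new `tls "dns-tls"` block enables TLSv1.2 but sets neither `ciphers` nor `prefer-server-ciphers`, so TLS 1.2 suite selection is left to the crypto library's defaults. Consider adding `prefer-server-ciphers yes;` and a `ciphers` string limited to ECDHE AEAD suites, or listing only `TLSv1.3` if every DoT/DoH client supports it. The `// TLS context for DoT/DoH` comment could also record that `key-file` must be readable only by the account named runs as. It could add that the context does nothing until a `listen-on`/`listen-on-v6` statement references `tls dns-tls`, presumably in named.conf.options, which this patch does not show. A renewed certificate presumably needs a reload before named serves it, which is worth one more comment line.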