You are not logged in.

Pages: 1

#1 2016-10-20 22:14:06

radagast8
Member
Registered: 2016-10-09
Posts: 6

dnscrypt and unbound working independently but not together. thoughts?

so,

unbound works fine alone. no problems at all, this is set to port 53 as default. my config:

server:
  use-syslog: yes
  username: "unbound"
  directory: "/etc/unbound"
  trust-anchor-file: trusted-key.key
  interface: 127.0.0.1
  root-hints: "/etc/unbound/root.hints"
  include: /etc/unbound/adservers
  do-not-query-localhost: no
  forward-zone:
    name: "."
#    forward-addr: 127.0.0.1:40
    forward-addr: 8.8.8.8
    forward-addr: 8.8.8.4

now, i have tried to set up dnscrypt alongside, using nothing but what is in the wiki, this doesn't work!

https://wiki.archlinux.org/index.php/DNSCrypt

i was curious, so i set my resolv.conf server to 127.0.0.1:40, the dnscrypt socket. it works! the same is true for 127.0.0.1:53 if the servers are set as google dns, but when i set the unbound forward address to 127.0.0.1:40, no joy!!

any thoughts on this?

+ something i just noticed,

when my forward-addr is set to port 40 (dnscrypt), and my resolv.conf is also set to port 40, it again stops working, i think this is to be expected but just a note.

also, when i am listening on port 40, with the google dns in my unbound.conf, which should not need unbound at this point (right?) stopping the unbound service breaks the connection. are there crossed wires in my pc or my brain? tongue


very strange- when i remove the forward-zone section entirely from unbound.conf, restart the service and listen on port 53 for unbound, it works! it seems like there is some magic here, and the link is just there? going for logout to see if it still works.

Last edited by radagast8 (2016-10-20 22:48:53)

Offline

#2 2016-11-09 05:38:26

socrates
Member
Registered: 2014-07-14
Posts: 14

Re: dnscrypt and unbound working independently but not together. thoughts?

Have you solved this?
I'm having the same issue hmm

Edit 1 : After of hours of trying every combination and fix I've come to realize dnscrypt doesnt work even when systemctl status dnscrypt-proxy shows success.

This could be due to one of two things.
1.Dnscrypt servers are so shitty to handle dns requests or are offline
2.Dnscrypt is bugged somewhere.

Currently using unbound with forward to dnssec opennic dns servers(The ones marked with dnscrypt), since the regular opennic dont work with unbound as seen by issuing systemctl status unbound

Last edited by socrates (2016-11-10 14:40:02)

Offline

Pages: 1

Board footer

Powered by FluxBB