UnBound <-> Dnscrypt-Proxy Problem

Peter_APIIT · 08-30-2015, 02:34 AM

Hello to all,

I tried to set up dns encryption with unbound forward to dnscrypt-proxy but the dns lookup fails and I had no idea how to diagnose/troubleshoot it. Therefore, I'm hope someone will provide some guidance on where to look for.

Below is my unbound configuration:

Quote:

server:
interface: 127.0.0.1
interface: 172.16.1.1
do-ip6: no
prefetch: yes
prefetch-key: yes
#verbosity: 4
log-time-ascii: yes
statistics-interval: 3600

access-control: 0.0.0.0/0 deny
access-control: 127.0.0.0/8 allow
access-control: 172.16.1.0/24 allow
access-control: ::0/0 refuse
#access-control: ::1 allow

do-not-query-localhost: no

num-threads: 2
msg-cache-size: 8mb
rrset-cache-size: 16mb

msg-cache-slabs: 8mb
rrset-cache-slabs: 8mb
infra-cache-slabs: 8mb
key-cache-slabs: 8mb

hide-identity: yes
# Uncomment to enable DNSSEC validation.
#
#auto-trust-anchor-file: "/var/unbound/db/root.key"

# Serve zones authoritatively from Unbound to resolver clients.
# Not for external service.
#
#local-zone: "local." static
#local-data: "mycomputer.local. IN A 192.0.2.51"
#local-zone: "2.0.192.in-addr.arpa." static
#local-data-ptr: "192.0.2.51 mycomputer.local"

# UDP EDNS reassembly buffer advertised to peers. Default 4096.
# May need lowering on broken networks with fragmentation/MTU issues,
# particularly if validating DNSSEC.
#
#edns-buffer-size: 1480

# Use TCP for "forward-zone" requests. Useful if you are making
# DNS requests over an SSH port forwarding.
#
#tcp-upstream: yes

# Use an upstream forwarder (recursive resolver) for specific zones.
# Example addresses given below are public resolvers valid as of 2014/03.
#

forward-zone:
name: "." # use for ALL queries
# forward-addr: 74.82.42.42 # he.net
# forward-addr: 2001:470:20::2 # he.net v6
# forward-addr: 8.8.8.8 # google.com
# forward-addr: 2001:4860:4860::8888 # google.com v6

# forward-addr:127.0.0.1@443
forward-addr: 208.67.222.222 # opendns.com
forward-addr: 208.67.220.220
# forward-first: yes # try direct if forwarder fails

Starting Dnscrypt-Proxy

Quote:

echo -n "Starting dnscrypt-proxy\n"
/usr/local/sbin/dnscrypt-proxy -d -a 127.0.0.1:443 -R "cloudns-syd" -m 7 -n 350 -u "_dnscrypt-proxy"

Both processes are running fine without any errors.
Please help. Thanks.

Peter_APIIT · 09-02-2015, 03:36 AM

Any tools or command i can used to troubleshoot or diagnose.

Please help. Thanks.

jeremy · 09-02-2015, 12:06 PM

Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate.