Hello to all,
I tried to set up dns encryption with unbound forward to dnscrypt-proxy but the dns lookup fails and I had no idea how to diagnose/troubleshoot it. Therefore, I'm hope someone will provide some guidance on where to look for.
Below is my unbound configuration:
Quote:
server:
interface: 127.0.0.1
interface: 172.16.1.1
do-ip6: no
prefetch: yes
prefetch-key: yes
#verbosity: 4
log-time-ascii: yes
statistics-interval: 3600
access-control: 0.0.0.0/0 deny
access-control: 127.0.0.0/8 allow
access-control: 172.16.1.0/24 allow
access-control: ::0/0 refuse
#access-control: ::1 allow
do-not-query-localhost: no
num-threads: 2
msg-cache-size: 8mb
rrset-cache-size: 16mb
msg-cache-slabs: 8mb
rrset-cache-slabs: 8mb
infra-cache-slabs: 8mb
key-cache-slabs: 8mb
hide-identity: yes
# Uncomment to enable DNSSEC validation.
#
#auto-trust-anchor-file: "/var/unbound/db/root.key"
# Serve zones authoritatively from Unbound to resolver clients.
# Not for external service.
#
#local-zone: "local." static
#local-data: "mycomputer.local. IN A 192.0.2.51"
#local-zone: "2.0.192.in-addr.arpa." static
#local-data-ptr: "192.0.2.51 mycomputer.local"
# UDP EDNS reassembly buffer advertised to peers. Default 4096.
# May need lowering on broken networks with fragmentation/MTU issues,
# particularly if validating DNSSEC.
#
#edns-buffer-size: 1480
# Use TCP for "forward-zone" requests. Useful if you are making
# DNS requests over an SSH port forwarding.
#
#tcp-upstream: yes
# Use an upstream forwarder (recursive resolver) for specific zones.
# Example addresses given below are public resolvers valid as of 2014/03.
#
forward-zone:
name: "." # use for ALL queries
# forward-addr: 74.82.42.42 # he.net
# forward-addr: 2001:470:20::2 # he.net v6
# forward-addr: 8.8.8.8 # google.com
# forward-addr: 2001:4860:4860::8888 # google.com v6
# forward-addr:127.0.0.1@443
forward-addr: 208.67.222.222 # opendns.com
forward-addr: 208.67.220.220
# forward-first: yes # try direct if forwarder fails
|
Starting Dnscrypt-Proxy
Quote:
echo -n "Starting dnscrypt-proxy\n"
/usr/local/sbin/dnscrypt-proxy -d -a 127.0.0.1:443 -R "cloudns-syd" -m 7 -n 350 -u "_dnscrypt-proxy"
|
Both processes are running fine without any errors.
Please help. Thanks.