Package: dnscrypt-proxy Version: 1.4.3-2 Severity: normal Hi! The README of ``dnscrypt-proxy`` recommends using Unbound as a DNS caching resolver in combination with it. However, Unbound enables DNSSEC and the default configuration of ``dnscrypt-proxy`` sets ``DNSCRYPT_PROXY_RESOLVER_NAME=opendns`` in its default file. The problem is that OpenDNS servers disable DNSSEC, which results in Unbound rejecting the responses coming from the proxy and name resolution failing, as explained here: https://forums.opendns.com/comments.php?DiscussionID=15361#Item_9
I suggest to change the default to a different one (e.g. the ``dnscrypt.eu-*`` servers seem to work), or to add a short comment in the default file warning about OpenDNS servers and DNSSEC. Thanks! -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages dnscrypt-proxy depends on: ii adduser 3.113+nmu3 ii init-system-helpers 1.22 ii libc6 2.19-17 ii libsodium13 1.0.1-1 ii libsystemd0 215-12 dnscrypt-proxy recommends no packages. Versions of packages dnscrypt-proxy suggests: ii resolvconf 1.76.1 -- Configuration Files: /etc/default/dnscrypt-proxy changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org