With dnscrypt-proxy running, can you resolve hostnames? dig @127.0.0.1 -p 4553 somehostname.com
If you can, do you have "do-not-query-localhost" set to "no" in your unbound configuration? On Sun, Sep 20, 2015 at 10:04 AM, C.L. Martinez <carlopm...@gmail.com> wrote: > Hi all, > > I have installed an openbsd 5.7 VM today to do some tests with pf rules. > One of the components to I need to enable in this gateway is > unbound+dnscrypt-proxy. > > I have configured forwarding in unbound.conf: > > forward-zone: > name: "." > forward-addr: 127.0.0.1@4553 > > And I have started dnscypt-proxy with the following arguments: > > -d --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p > /var/run/dnscrypt-proxy.pid > > Output: > > 32032 ?? Is 0:00.00 /usr/sbin/ftp-proxy -m 25 > 32411 ?? Is 0:00.00 /usr/local/sbin/dnscrypt-proxy -d > --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p > /var/run/dnscrypt-proxy.pid > 5667 ?? I 0:00.03 /usr/local/sbin/dnscrypt-proxy -d > --user=_dnscrypt-proxy -a 127.0.0.1:4553 -R dnscrypt.eu-nl -p > /var/run/dnscrypt-proxy.pid > 1256 ?? Is 0:00.00 /usr/sbin/cron > 17818 ?? Ss 0:00.12 sshd: root@ttyp0 (sshd) > 527 ?? Is 0:00.05 unbound -c /var/unbound/etc/unbound.conf > 30164 p0 Ss 0:00.02 -ksh (ksh) > 7382 p0 R+ 0:00.00 ps -xa > 16881 C0 Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC0 > 3047 C1 Is+ 0:00.00 /usr/libexec/getty std.9600 ttyC1 > > And it doesn't works. But if I change unbound's forward section to: > > forward-zone: > name: "." > #forward-addr: 127.0.0.1@4553 > forward-addr: 8.8.8.8 > > Works ok. Removing all forward seciton, unbound works ok also. Then, I am > doing something wrong but I don't know which. > > Any idea?? > > Thanks. > > -- "BSD is what happens when Unix programmers port Unix to the x86. Linux is what happens when x86 programmers write a Unix-like. Windows is what happens when x86 programmers run all of their programming textbooks through a blender, eat the ground up remains of the text, and then code up what they can read in the toilet 3 days later."
