Does unbound.conf have the following setting? do-not-query-localhost: no
Unbound will not query the local host without that set to no. > On Sep 8, 2016, at 5:49 PM, Martin Hanson <greencopperm...@yandex.com> wrote: > > Hi, > > Since I upgraded to OBSD 6.0 I have had some problems with Unbound and dnscrypt-proxy. > > Normally I would troubleshoot by using "dig" to request directly to dnscrypt-proxy, but for some reason (I don't know) the "-p" option has been removed and it is impossible to use that now. > > Unbound seems unable to forward requests to dnscrypt-proxy which I have running on port 40 following the guide in the FAQ (http://www.openbsd.org/faq/pf/example1.html#dns). > > In my unbound.conf I have the following: > > forward-addr: 127.0.0.1@40 > > Then in my /etc/rc.conf.local I have: > > dnscrypt_proxy_flags=-l /var/log/dnscrypt-proxy -R fvz-rec-de-fra-01 -a 127.0.0.1:40 > pkg_scripts="dnscrypt_proxy" > > When I do a "dig yahoo.com" I get the following: > > ;yahoo.com. IN A > > No IP. And a ping also returns: > > ping: unknown host: yahoo.com > > Of course I have tested other hosts as well, same result. > > I am getting no information in the logs. > > If I have unbound forward directly to an OpenNIC server all works well again so the trouble is between unbound and dnscrypt-proxy. > > This used to work flawlessly, but since the "-p" option has been removed from "dig" it's very difficult to debug dnscrypt-proxy without having PF doing redirects and what not. > > How to troubleshoot this problem better? > > Kind regards