Date: Sun, 09 Nov 2014 04:10:34 -0400
From: Joseph Mingrone <jrm@ftfl.ca>
To: freebsd-questions@freebsd.org
Subject: Re: local_unbound and dnscrypt-proxy
Message-ID: <86tx28ssjp.fsf@gly.ftfl.ca>
References: <86lhnup5l3.fsf@gly.ftfl.ca> <1415281391.3654995.187813213.7FAECF4C@webmail.messagingengine.com> <1415379352984-5963426.post@n5.nabble.com>

Beeblebrox <zaphod@berentweb.com> writes:

Hello Beeblebrox,

> There are several issues here:
>
> 1. DNSSEC does NOT work with the unbound -> dnscrypt-proxy chain. I don't
> know why, but both port maintainer and software developer seem to not have
> taken the issue seriously. For now, disable in unbound.conf:
> # auto-trust-anchor-file: "/var/unbound/root.key"
> I'm going to re-open the issue I had filed about this on github.

That was it. When I commented out auto-trust-anchor-file:
/var/unbound/root.key from /var/unbound/unbound.conf it worked. Below is
my configuration in case it helps anyone.

One issue is that when the system is booting up, things like ntpd and
bsdstats time out. I guess this is because resolving doesn't work until
dnscrypt-proxy has started. When I change the nameserver entry in
/etc/resolv.conf to 8.8.8.8, those processes don't time out.

Thanks,

Joseph

/etc/rc.conf

dnscrypt_proxy_enable="YES"
dnscrypt_proxy_flags="-a 127.0.0.2 -d -R opennic-ca-ns4"
ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"
local_unbound_enable="YES"

/var/unbound/unbound.conf

server:
        #auto-trust-anchor-file: /var/unbound/root.key
        directory: /var/unbound
        do-not-query-localhost: no
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        username: unbound
        use-syslog: yes
        verbosity: 1

include: /var/unbound/forward.conf
include: /var/unbound/lan-zones.conf
include: /var/unbound/conf.d/*.conf

/var/unbound/forward.conf

forward-zone:
        name: "."
        forward-addr: 127.0.0.2@53

/etc/resolve.conf

search ftfl.ca
nameserver 127.0.0.1
options edns0
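
The configuration state this message ends up in, as an added example that is not part of the original message: a POSIX sh/awk audit that reads unbound.conf-style text and reports whether any trust anchor is active (with none configured, unbound does no DNSSEC validation) and whether the root zone is forwarded to a loopback address. The function names and the merged sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit unbound.conf-style text for the setup in the message.

# Constructed sample: the server: and forward-zone: settings posted in the
# message, merged into one text so the script runs offline.
sample_conf() {
cat <<'EOF'
server:
    #auto-trust-anchor-file: /var/unbound/root.key
    directory: /var/unbound
    do-not-query-localhost: no
forward-zone:
    name: "."
    forward-addr: 127.0.0.2@53
EOF
}

# audit_unbound: read config on stdin, print key=value findings.
# Assumes "name:" precedes "forward-addr:" inside a forward-zone clause.
audit_unbound() {
    awk '
    { sub(/#.*/, "") }                  # a commented-out anchor must not count
    /^[ \t]*$/ { next }
    /^[ \t]*[a-z-]+:[ \t]*$/ {          # clause header such as "server:"
        gsub(/[ \t:]/, ""); clause = $0; zone = ""; next
    }
    {
        key = $0; sub(/^[ \t]*/, "", key); val = key
        sub(/:.*/, "", key)
        sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val); gsub(/"/, "", val)
        if (clause == "server" && key ~ /^(auto-trust-anchor-file|trust-anchor-file|trust-anchor|trusted-keys-file)$/) anchor = 1
        if (clause == "server" && key == "do-not-query-localhost") dnql = val
        if (clause == "forward-zone" && key == "name") zone = val
        if (clause == "forward-zone" && key == "forward-addr" && zone == ".") fwd = val
    }
    END {
        loop = (fwd ~ /^127\./ || fwd ~ /^::1/)
        print "dnssec_validation=" (anchor ? "on" : "off")
        print "root_forwarder=" (fwd == "" ? "none" : fwd)
        print "loopback_forwarder=" (loop ? "yes" : "no")
        # unbound refuses to query localhost unless this option is set to "no"
        if (loop && dnql != "no") print "warning=do-not-query-localhost is not set to no"
        if (!anchor) print "warning=no trust anchor, answers are not DNSSEC-validated"
    }'
}

sample_conf | audit_unbound
```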