Unbound won't start with do-not-query-localhost: no for dnscrypt-proxy

[moonman]

Hello everyone,

I was just following https://docs.opnsense.org/manual/how-tos/dnscrypt-proxy.html to setup dnscrypt-proxy.
In the first paragraph the guide says to "just set this in your Unbound Advanced settings:"

Code: [Select]

do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
There is no option to use custom options under Unbound --> Advanced, so I assume the author meant Unbound --> General --> Custom options.

Well, inserting the above into Custom Options, saving and applying settings kills Unbound and it won't start again until

Code: [Select]

do-not-query-localhost: no is removed (and the rest kept), with the only issue that no address resolves without this option. I assume it just won't forward to 127.0.0.1:5151 because it's localhost and it is disallowed.

Any help would be appreciated.

[moonman]

Found out why after inspecting unbound.conf

Custom options are put into the config after domain overrides and unbound doesn't like it.

The solution is to remove all of your overrides and stck them manually between

Code: [Select]

private-domain: "example.lan"
domain-insecure: "example.lan"
do-not-query-localhost: noand

Code: [Select]

forward-zone:
        name: "."
        forward-addr: 127.0.0.1@5353
For example:

Code: [Select]

private-domain: "example.lan"
domain-insecure: "example.lan"
do-not-query-localhost: no
forward-zone:
        name: "example.lan"
        forward-addr: 192.168.1.1
forward-zone:
        name: "."
        forward-addr: 127.0.0.1@5353