Strange DNS lookups from firewall

Started by nylund, February 12, 2020, 10:59:42 AM

Yes, thanks.
I did and tested, but still have something missing or misconfigured on my system through using Unbound.

Maybe the NAT, but this only routes LAN traffic on port 53 to 127.0.0.1.
The needed FW rule allows it.

I did set up Unbound to be a forwarder using the DNS server in the System - General menu.
As soon as I removed them, disabled Unbound and activated DNSCrypt, no resolution could be done.

And YES, I set up some DoH and DNSCrypt on the servers tab, and as far as I understood, if you leave the field blank it will use any of the "known" ones.

Thanks
English: Never try, never know!
Deutsch: Unversucht ist Unerfahren!

Looks like, per https://github.com/opnsense/docs/blob/master/source/manual/how-tos/dnscrypt-proxy.rst,

you have to add your LAN IP to the listening port as well. At the bottom of the page:
Now change to Services->DNSCrypt-Proxy->Configuration and add your Local LAN IP address to the Listen Address field, e.g. 192.168.2.1:53.

Optionally you can set :53 to listen on all addresses like the default behaviour in Unbound.

Quote from: cguilford on February 13, 2020, 03:41:08 PM
Looks like, per https://github.com/opnsense/docs/blob/master/source/manual/how-tos/dnscrypt-proxy.rst,

you have to add your LAN IP to the listening port as well. At the bottom of the page:
Now change to Services->DNSCrypt-Proxy->Configuration and add your Local LAN IP address to the Listen Address field, e.g. 192.168.2.1:53.

Optionally you can set :53 to listen on all addresses like the default behaviour in Unbound.

Thank you very much! Much appreciated!
Will try and report!
English: Never try, never know!
Deutsch: Unversucht ist Unerfahren!

February 13, 2020, 03:54:58 PM #18 Last Edit: February 13, 2020, 03:57:32 PM by ArminF
OK, one step further:

- removed DNS forward settings in System - General
- disabled Unbound service

- set a few servers in the DNSCrypt Server tab (https://dnscrypt.info/public-servers/);
   here I copied the sdns stamps and pasted them
- set listener to 127.0.0.1:53 and 192.168.1.1:53
- tried to start DNSCrypt service
---> failed, did not start

Error in the log:
[FATAL] Stamp error for the static [quad9-dnscrypt-ip4-filter-pri] definition: [illegal base64 data at input byte 4]

Removed all the servers and tried to start

--> WORKS !!

Need to check deeper whether copying and pasting the sdns stamps somehow messed it up.

Thank you all for your support and help!


[NOTICE] dnscrypt-proxy is ready - live servers: 55   :)
English: Never try, never know!
Deutsch: Unversucht ist Unerfahren!
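The "illegal base64 data at input byte 4" failure above is what a stamp that was damaged in transit through copy and paste looks like to dnscrypt-proxy. The following Python script is an added example, not code from this thread or from the OPNsense or dnscrypt-proxy projects: it builds sdns:// stamps from constructed values and parses them back, following the public DNS stamp layout (a protocol byte, eight little-endian property bytes, then length-prefixed fields), so that a list of pasted stamps can be vetted offline before the service is restarted. It reports the first character outside the URL-safe base64 alphabet in the same style as the log line, and for DNSCrypt and DoH stamps it also shows the address, key, provider name or hostname, which is the part worth eyeballing against the upstream list, since a stamp that decodes cleanly can still point somewhere you did not intend. The address, key and names used are constructed sample values.

```python
"""Offline checker for dnscrypt-proxy "sdns://" server stamps (added example)."""
import base64
import binascii
import struct

# Protocol identifiers and property bits from the public DNS stamp specification.
PROTO_NAMES = {0x00: "plain", 0x01: "dnscrypt", 0x02: "doh", 0x03: "dot", 0x04: "doq", 0x05: "odoh-target"}
PROP_NAMES = {1: "dnssec", 2: "no-logs", 4: "no-filter"}
B64URL = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")


def _lp(data: bytes) -> bytes:
    """Length-prefixed field: one length byte followed by the data."""
    if len(data) > 255:
        raise ValueError("field longer than 255 bytes")
    return bytes([len(data)]) + data


def _vlp(items: list) -> bytes:
    """Variable-length list: bit 7 of each length byte is set while more items follow."""
    if not items:
        return b"\x00"
    out = b""
    for i, item in enumerate(items):
        out += bytes([len(item) | (0x80 if i < len(items) - 1 else 0)]) + item
    return out


def _props(dnssec: bool, no_logs: bool, no_filter: bool) -> bytes:
    return struct.pack("<Q", (1 if dnssec else 0) | (2 if no_logs else 0) | (4 if no_filter else 0))


def _encode(raw: bytes) -> str:
    # Stamps use URL-safe base64 without padding.
    return "sdns://" + base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def make_dnscrypt_stamp(addr, public_key, provider_name, dnssec=True, no_logs=True, no_filter=False):
    raw = bytes([0x01]) + _props(dnssec, no_logs, no_filter)
    raw += _lp(addr.encode()) + _lp(public_key) + _lp(provider_name.encode())
    return _encode(raw)


def make_doh_stamp(addr, hashes, hostname, path, dnssec=True, no_logs=True, no_filter=False):
    raw = bytes([0x02]) + _props(dnssec, no_logs, no_filter)
    raw += _lp(addr.encode()) + _vlp(hashes) + _lp(hostname.encode()) + _lp(path.encode())
    return _encode(raw)


def _read_lp(raw: bytes, pos: int):
    if pos >= len(raw):
        raise ValueError(f"truncated stamp: no length byte at offset {pos}")
    n = raw[pos]
    field = raw[pos + 1:pos + 1 + n]
    if len(field) != n:
        raise ValueError(f"truncated stamp: field at offset {pos} wants {n} bytes")
    return field, pos + 1 + n


def _read_vlp(raw: bytes, pos: int):
    items = []
    while True:
        if pos >= len(raw):
            raise ValueError(f"truncated stamp: no list length byte at offset {pos}")
        more, n = raw[pos] & 0x80, raw[pos] & 0x7F
        item = raw[pos + 1:pos + 1 + n]
        if len(item) != n:
            raise ValueError(f"truncated stamp: list item at offset {pos} wants {n} bytes")
        if n:
            items.append(item)
        pos += 1 + n
        if not more:
            return items, pos


def parse_stamp(stamp: str) -> dict:
    """Decode a stamp; raise ValueError with the reason and position if it is damaged."""
    if not stamp.startswith("sdns://"):
        raise ValueError("stamp must start with sdns://")
    payload = stamp[len("sdns://"):]
    for i, ch in enumerate(payload):  # whitespace or '+' / '/' from a bad paste land here
        if ch not in B64URL:
            raise ValueError(f"illegal base64 data at input byte {i} ({ch!r})")
    try:
        raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
    except binascii.Error as exc:
        raise ValueError(f"base64 decode failed: {exc}") from None
    if len(raw) < 9:
        raise ValueError("stamp shorter than protocol byte plus properties")
    (props,) = struct.unpack("<Q", raw[1:9])
    info = {"proto": PROTO_NAMES.get(raw[0], f"unknown(0x{raw[0]:02x})"),
            "props": [name for bit, name in PROP_NAMES.items() if props & bit]}
    pos = 9
    if raw[0] == 0x01:
        addr, pos = _read_lp(raw, pos)
        pk, pos = _read_lp(raw, pos)
        provider, pos = _read_lp(raw, pos)
        if len(pk) != 32:  # DNSCrypt provider keys are raw 32-byte Ed25519 keys
            raise ValueError(f"dnscrypt public key must be 32 bytes, got {len(pk)}")
        info.update(addr=addr.decode(), public_key=pk.hex(), provider_name=provider.decode())
    elif raw[0] == 0x02:
        addr, pos = _read_lp(raw, pos)
        hashes, pos = _read_vlp(raw, pos)
        hostname, pos = _read_lp(raw, pos)
        path, pos = _read_lp(raw, pos)
        info.update(addr=addr.decode(), hashes=[h.hex() for h in hashes],
                    hostname=hostname.decode(), path=path.decode())
    else:
        return info  # other protocols: only protocol and properties are reported here
    if pos != len(raw):
        raise ValueError(f"{len(raw) - pos} trailing bytes after the last field")
    return info


def check_stamp(stamp: str):
    """Return (ok, message) so a whole pasted list can be vetted before restarting the service."""
    try:
        info = parse_stamp(stamp)
        return True, f"{info['proto']} stamp, props={info['props']}"
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed values: RFC 5737 documentation address, dummy 32-byte key, example provider name.
    good = make_dnscrypt_stamp("192.0.2.10:8443", bytes(range(32)), "2.dnscrypt-cert.example.com")
    pasted = good[:11] + " " + good[11:]  # a paste that picked up a space at payload byte 4
    for s in (good, pasted):
        print(check_stamp(s))
```

Run it against the stamps you intend to paste into the DNSCrypt Server tab; a `False` result names the offending byte or the truncated field, and a `True` result prints the decoded fields for comparison with the upstream server list.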