Maltrail not complementing with Unbound DNS and DNSCrypt when doing WICAR test
Topic: Maltrail not complementing with Unbound DNS and DNSCrypt when doing WICAR test (Read 1464 times)
scalaechlon
Newbie
Posts: 7
Karma: 0
« on: October 25, 2020, 02:05:23 pm »
Good day,
I recently installed and upgraded OPNsense to its latest version to use Unbound DNS and DNSCrypt to provide a DNS server for my office websites.
When doing the EICAR test it worked perfectly, as Unbound DNS and DNSCrypt did these jobs:
For Unbound DNS:
It forwards all queries to dnscrypt-proxy while itself listening on all interfaces on port 53 (IPv4 + IPv6), and handles the DNS requests for the local network unencrypted. (compliments to p1n0ck10)
For DNSCrypt:
dnscrypt-proxy only listens on the localhost addresses 127.0.0.1 (IPv4) and ::1 (IPv6) on port 5353, and handles the DNS requests to the internet encrypted. (compliments to p1n0ck10)
This means that DNSCrypt handles and manages security for outgoing requests to the internet, while Unbound DNS is the one responsible for DNS request management inside the LAN.
This is the reason that my office websites passed WICAR tests and even improved the rating from C to B+ in DNS performance through the DNSStuff website.
It also works very well with the Suricata IDPS even when Realtek NICs are used; I might upgrade to Intel NICs for better IDPS performance.
However, when Maltrail is introduced in this setup, it seems to confuse the blacklist rule sets of both DNSCrypt and Unbound DNS, resulting in some WICAR tests not blocking as expected.
Can anyone help with what seems to be the problem in this setup?
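
For reference, the resolver chain described in the post above, written out as raw configuration. This is an added example, not part of the original post and not the files OPNsense generates from its GUI; the LAN subnet is a constructed value, and the ports and listen addresses are the ones the post states.

```conf
# ---- unbound.conf: LAN-facing resolver (constructed example) ----
server:
    # Listen on all interfaces, IPv4 and IPv6, port 53, as the post describes.
    interface: 0.0.0.0
    interface: ::0
    port: 53
    # Constructed LAN subnet; replace with the real one.
    access-control: 192.168.1.0/24 allow
    # Unbound refuses to send queries to localhost by default, so
    # forwarding to a proxy on 127.0.0.1 / ::1 needs this set to "no".
    do-not-query-localhost: no

forward-zone:
    # "." forwards every query to dnscrypt-proxy on loopback port 5353.
    name: "."
    forward-addr: 127.0.0.1@5353
    forward-addr: ::1@5353

# ---- dnscrypt-proxy.toml: encrypted upstream hop (constructed example) ----
# Bind to loopback only, so LAN clients reach it solely through Unbound.
listen_addresses = ['127.0.0.1:5353', '[::1]:5353']
```

In this layout a name can be blocked at either hop, so when a test domain still resolves, each hop's block list has to be checked on its own.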