Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Unbound + DNScrypt intermittent failures (SEVRFAIL)
« previous
next »
Print
Pages: [
1
]
Author
Topic: Unbound + DNScrypt intermittent failures (SEVRFAIL) (Read 930 times)
blblblb
Newbie
Posts: 36
Karma: 2
Unbound + DNScrypt intermittent failures (SEVRFAIL)
«
on:
March 27, 2022, 06:08:49 pm »
Hi,
This has been mentioned in other posts for a while:
https://forum.opnsense.org/index.php?topic=22585.0
The symptoms are failed DNS resolution that persists for any given host using Unbound as resolver, with Unbound itself passing the requests to DNScrypt locally. I have tested this with Tor and Shadowsocks proxies and TCP only servers enabled. The jostle period sometimes might help, but it won't fix the problem. DNSSEC hardening disabled.
It manifests for clients as a persistent SERVFAIL response, whereas targeting DNScrypt directly will actually yield proper responses and the name is resolved successfully.
I have sometimes worked around the problem by forcing a cron job to restart Unbound periodically, but this is admittedly a crappy way to solve the symptoms and not the actual "disease".
Logged
https://shorturl.at/aesfC
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Unbound + DNScrypt intermittent failures (SEVRFAIL)