DNSCrypt Proxy Only Localhost

Started by Nekromantik, August 26, 2018, 12:37:16 AM

Hi all,
I have DNSCrypt proxy 2 set up and running on 127.0.0.1 port 5353.
On OPNsense I can use drill to query DNS on that port and it works.
However, when I have the Unbound forwarder set to:
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353


all my LAN devices can't query DNS anymore.
When I add 8.8.8.8 to the forwarder it works again.

Any suggestions?

So, dnscrypt-proxy is, in fact, listening on 127.0.0.1, port 5353? Did you configure an upstream server in dnscrypt-proxy? It does need to relay the queries somewhere. If you already set that, can you SSH into the machine and see whether dnscrypt-proxy is actually listening?

What is the output of:

sockstat -4 -l | grep 5353

and:

telnet 127.0.0.1 5353

I found the issue.
I was missing:
do-not-query-localhost: no
in the Unbound custom config.
Now my LAN devices can resolve when forwarding to port 5353 in Unbound.
Thanks

Quote from: Nekromantik on August 26, 2018, 01:23:56 PM
I found the issue.

Good job! And thank you kindly for sharing the solution - others might benefit from that if they ran into the same issue!
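
As an added example (not part of the thread, and not OPNsense or Unbound code), here is a shell check for the misconfiguration resolved above: a forward-addr on loopback while do-not-query-localhost is left at its default of yes. The function names are hypothetical, the sample configs are constructed from the lines quoted in the thread, and the check assumes a single config on stdin with no include: files followed.

```shell
# Sample input (constructed): the forward-zone from the first post.
sample_thread_config() {
    cat <<'EOF'
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353
EOF
}

# Sample input (constructed): the same zone plus the fix from the thread.
sample_fixed_config() {
    cat <<'EOF'
server:
    do-not-query-localhost: no
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353
EOF
}

# Reads an Unbound config on stdin. Returns 1 and prints a finding for each
# loopback forward-addr when do-not-query-localhost is not set to "no"
# (Unbound's default is yes, which drops queries to 127.0.0.0/8 and ::1).
check_unbound_loopback_forward() {
    awk '
        { sub(/#.*/, "") }                        # strip comments
        /^[ \t]*do-not-query-localhost:/ {
            v = $0; sub(/^[^:]*:[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            gsub(/"/, "", v)
            dnql = v          # assumption: the last value in the file applies
        }
        /^[ \t]*forward-addr:/ {
            a = $0; sub(/^[^:]*:[ \t]*/, "", a); sub(/[ \t]+$/, "", a)
            gsub(/"/, "", a)
            if (a ~ /^127\./ || a ~ /^::1(@|$)/) loop[++n] = a
        }
        END {
            if (n > 0 && dnql != "no") {
                for (i = 1; i <= n; i++)
                    printf "forward-addr %s is loopback, but do-not-query-localhost is not \"no\"\n", loop[i]
                exit 1
            }
        }
    '
}
```

Run it against a real file with `check_unbound_loopback_forward < /path/to/unbound.conf`; a non-zero exit means Unbound will silently refuse the loopback forwarder, which is the symptom the LAN clients saw.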