Unbound won't start with do-not-query-localhost: no for dnscrypt-proxy

Started by moonman, July 09, 2019, 01:13:29 AM

Hello everyone,

I was just following https://docs.opnsense.org/manual/how-tos/dnscrypt-proxy.html to set up dnscrypt-proxy.
In the first paragraph the guide says to "just set this in your Unbound Advanced settings:"
do-not-query-localhost: no
forward-zone:
        name: "."
        forward-addr: 127.0.0.1@5353


There is no option to use custom options under Unbound --> Advanced, so I assume the author meant Unbound --> General --> Custom options.

Well, inserting the above into Custom Options, saving and applying settings kills Unbound and it won't start again until do-not-query-localhost: no is removed (and the rest kept), with the only issue that no address resolves without this option. I assume it just won't forward to 127.0.0.1:5151 because it's localhost and it is disallowed.

Any help would be appreciated.

Found out why after inspecting unbound.conf

Custom options are put into the config after domain overrides and unbound doesn't like it.

The solution is to remove all of your overrides and stick them manually between
private-domain: "example.lan"
domain-insecure: "example.lan"
do-not-query-localhost: no

and
forward-zone:
        name: "."
        forward-addr: 127.0.0.1@5353


For example:

private-domain: "example.lan"
domain-insecure: "example.lan"
do-not-query-localhost: no
forward-zone:
        name: "example.lan"
        forward-addr: 192.168.1.1
forward-zone:
        name: "."
        forward-addr: 127.0.0.1@5353
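
An added example, not part of the original posts or the OPNsense guide: a small Python check for the ordering problem described above, where a server option such as do-not-query-localhost ends up under a forward-zone: clause. The function name, the two sample configs (constructed here, with an assumed generated layout) and the "empty value opens a clause" rule are assumptions of this sketch.

```python
# Added example: flag options that land inside a forward-zone: clause,
# where Unbound only accepts forward-zone attributes.

# Attributes valid inside a forward-zone: clause (see unbound.conf(5)).
FORWARD_ZONE_KEYS = {
    "name", "forward-addr", "forward-host", "forward-first",
    "forward-tls-upstream", "forward-ssl-upstream",
    "forward-tcp-upstream", "forward-no-cache",
}

def misplaced_options(conf_text):
    """Return (line_no, key, clause) for keys under forward-zone: that do not belong there."""
    clause = None
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if not value:                            # heuristic: "key:" alone opens a clause
            clause = key
            continue
        if clause == "forward-zone" and key not in FORWARD_ZONE_KEYS:
            findings.append((line_no, key, clause))
    return findings

# Constructed sample: custom options appended after a domain override.
BROKEN = """server:
    private-domain: "example.lan"
    domain-insecure: "example.lan"
forward-zone:
    name: "example.lan"
    forward-addr: 192.168.1.1
do-not-query-localhost: no
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353
"""

# Constructed sample: the ordering from the workaround above.
FIXED = """server:
    private-domain: "example.lan"
    domain-insecure: "example.lan"
    do-not-query-localhost: no
forward-zone:
    name: "example.lan"
    forward-addr: 192.168.1.1
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353
"""

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, misplaced_options(text))
```

This only catches the misplacement discussed in this thread; unbound-checkconf run against the generated unbound.conf remains the authoritative syntax check.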