DNSCrypt-Proxy + Unbound = need to restart service after the boot

karlson2k · June 19, 2021, 05:16:00 PM

Hello,

I have combination of DNSCrypt-Proxy + Unbound configured as described at https://docs.opnsense.org/manual/how-tos/dnscrypt-proxy.html and https://forum.opnsense.org/index.php?topic=10670.0.

The problem is uncoordinated starts of DNSCrypt-Proxy and Unbound.
During the boot process Unbound started usually before DNSCrypt-Proxy and even when DNSCrypt-Proxy is started, Unbound still fails to resolve addresses. This could be solved by manual restart of Unbound service, but it is quite annoying to manually restart Unbound after each reboot.

Could it be solved somehow?

blblblb · July 27, 2021, 10:54:55 PM

+1 this is causing me issues too. I also replied to the thread about SERVFAIL responses that creep up over time.

franco · July 28, 2021, 09:12:18 AM

> The problem is uncoordinated starts of DNSCrypt-Proxy and Unbound.

For a rigid system and traceable bootup sequence "uncoordinated" is a strange word. If you rely with core tools like Unbound on plugin tools such as Dnscrypt-proxy of course you will run into design obstacles for the simple fact that core tools are started before plugin tools.

If you just want to restart Unbound after Dnscrypt-proxy you can use the autostart described here:

https://docs.opnsense.org/development/backend/autorun.html

The "start" priority should be higher than 50 to let plugins start first, e.g. 60 is fine for the script. And the command to restart Unbound is:

pluginctl dns

Cheers,
Franco

DNSCrypt-Proxy + Unbound = need to restart service after the boot

karlson2k

June 19, 2021, 05:16:00 PM

blblblb

July 27, 2021, 10:54:55 PM #1

franco

July 28, 2021, 09:12:18 AM #2