DNSCrypt Proxy Only Localhost

[Nekromantik]

Hi all
I have DNSCrypt proxy 2 set up and running on 127.0.0.1 port 5353.
On opnsense I can use drill to query DNS on that port and it works.
However when I got Unbound forwarder set to :

Code: [Select]

forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353
all my LAN devices cant query DNS anymore.
When I add 8.8.8.8 to the forwarder it works again.

Any suggestions?

[jjanzz]

So, dnscrypt-proxy is, in fact listening on 127.0.0.1, port 5353? Did you configure an upstream server in dnscrypt-proxy? It does need to relay the queries somewhere. If you already set that, can you SSH into the machine and see whether dnscrypt-proxy is actually listening?

What is the output of:

Code: [Select]

sockstat -4 -l | grep 5353
and:

Code: [Select]

telnet 127.0.0.1 5353

[Nekromantik]

I found the issue.
I was missing:

Code: [Select]

do-not-query-localhost: noin unbound custom config.
Now my LAN devices can resolve when forwarding to port 5353 in unbound.
thanks

[jjanzz]

I found the issue.

Good job! And thank you kindly for sharing the solution - others might benefit from that if they ran into the same issue!