Just a quick followup on a thread I started on July 26. Turned out to
be a configuration error on my end.
Originally I had unbound listening on both localhost and the internal
interface. This was a carry-over from previously using dnsmasq on 5.4.
dnsmasq would log informational messages along the lines of 'Cannot
bind to wildcard address due to OS limitations'. Got tired of seeing
that in logs, which listening on localhost and internal eliminated.
What eliminated the weirdness was binding to the wildcard addy:
unbound.conf
interface: 0.0.0.0
forward zone:
name: "."
forward-addr: 127.0.0.1@5353
resolv.conf - nameserver 127.0.0.1
dnscrypt-proxy is listening on 127.0.0.1@5353
Also starting unbound with unbound_flags="-v -v -v" gives much more useful info:
[1407271075] unbound[1525:0] debug: Forward zone server list:
[1407271075] unbound[1525:0] info: DelegationPoint<.>: 0 names (0
missing), 1 addrs (0 result, 1 avail) parentNS
[1407271075] unbound[1525:0] debug: ip4 127.0.0.1 port 5353 (len 16)
The above is what you want to see if it is all hooked up correctly.
Sometimes the answers are staring you right in the face and you just
don't see them... Hopefully this helps anyone new to unbound and
dnscrypt-proxy.
--
Z
