How to use DNSCRYPT with Unbound?

  • Hi all,

    I am having a hell of a time getting Unbound to work with DNSCRYPT. It worked great with DNS Forwarder, but when I try to use it with Unbound, it (Unbound) refuses to start. I have tried changing the listening port for DNSCrypt to no avail.

    Can someone please assist?


  • LAYER 8 Global Moderator

    You do understand that unbound by default is a RESOLVER, and has nothing to do with dnscrypt which encrypts traffic to a specific name server, that is NOT how a resolver works..  A resolver walks down the tree from root talking to the authoritative servers for each domain directly until it gets to the one your doing the query in..  How would that work with dnscrypt?  Every single name server on the planet would have to use dnscrypt.

    You could put unbound in forwarder mode..  But not sure why not just use the normal forwarder if your just going to talk to some server via dnscrypt.

  • Thank you for your reply.

    I'm using Unbound as pfBlocker now comes wiht a DNSBL which only works with Unbound. Before pfBlockerNG 2.0, I happily used DNSCrypt with the forwarder.

  • LAYER 8 Global Moderator

    And again unbound is a different animal..  You could use it in forwarder mode, and forward it to something that is using dnscrypt..  I personally just dont buy dnscrypt at all..  if you worried about hiding your traffic from your isp, use a vpn tunnel.  While it helps you know your getting your answer from the dns server you wanted to talk too.. Who says that dns server information is actually valid?

    I personally would just run a resolver and get the info straight from the owning server for what I am looking up, hopefully they are running dnssec and I know for sure the info they give me is the info they want to give me, etc..

  • Thanks John.

    Your approach actually makes better sense. I'll stick with Unbound's default config.

    Thanks for the clarification.

Log in to reply