Netgate Discussion Forum

    How to use DNSCRYPT with Unbound?

      Pistolero

      Hi all,

      I am having a hell of a time getting Unbound to work with DNSCRYPT. It worked great with DNS Forwarder, but when I try to use it with Unbound, it (Unbound) refuses to start. I have tried changing the listening port for DNSCrypt to no avail.

      Can someone please assist?

      Thanks!

        johnpoz LAYER 8 Global Moderator

        You do understand that unbound by default is a RESOLVER, and has nothing to do with dnscrypt, which encrypts traffic to a specific name server? That is NOT how a resolver works. A resolver walks down the tree from root, talking to the authoritative servers for each domain directly until it gets to the one you're doing the query in. How would that work with dnscrypt? Every single name server on the planet would have to use dnscrypt.

        You could put unbound in forwarder mode. But not sure why not just use the normal forwarder if you're just going to talk to some server via dnscrypt.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          Pistolero

          Thank you for your reply.

          I'm using Unbound as pfBlocker now comes with a DNSBL which only works with Unbound. Before pfBlockerNG 2.0, I happily used DNSCrypt with the forwarder.

            johnpoz LAYER 8 Global Moderator

            And again, unbound is a different animal. You could use it in forwarder mode, and forward it to something that is using dnscrypt. I personally just don't buy dnscrypt at all. If you're worried about hiding your traffic from your isp, use a vpn tunnel. While it helps you know you're getting your answer from the dns server you wanted to talk to, who says that dns server information is actually valid?

            I personally would just run a resolver and get the info straight from the owning server for what I am looking up, hopefully they are running dnssec and I know for sure the info they give me is the info they want to give me, etc..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11
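
The forwarder-mode arrangement described in the reply above, as an added example that is not part of the original thread: an Unbound configuration fragment that forwards all queries to a local DNSCrypt client proxy. The loopback address and port 5353 are assumptions; use whatever address the proxy actually listens on.

```conf
# unbound.conf fragment (added example; address and port are assumptions)
server:
    # By default Unbound will not send queries to 127.0.0.0/8.
    # Allow it so a forwarder on loopback can be used.
    do-not-query-localhost: no

forward-zone:
    # "." forwards every query instead of resolving from the root servers.
    name: "."
    # Assumed: a DNSCrypt client proxy listening on loopback, port 5353.
    # This port must differ from the one Unbound itself listens on (53),
    # since two services cannot bind the same address and port.
    forward-addr: 127.0.0.1@5353
```

With this in place Unbound no longer walks the tree itself: every answer comes from the single upstream server the proxy talks to.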

              Pistolero

              Thanks John.

              Your approach actually makes better sense. I'll stick with Unbound's default config.

              Thanks for the clarification.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.