Netgate Discussion Forum

How to use DNSCRYPT with Unbound?

  • P
    Pistolero
    last edited by Nov 27, 2015, 11:16 PM

    Hi all,

    I am having a hell of a time getting Unbound to work with DNSCRYPT. It worked great with DNS Forwarder, but when I try to use it with Unbound, it (Unbound) refuses to start. I have tried changing the listening port for DNSCrypt to no avail.

    Can someone please assist?

    Thanks!

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Nov 28, 2015, 11:46 AM

      You do understand that unbound by default is a RESOLVER, and has nothing to do with dnscrypt which encrypts traffic to a specific name server, that is NOT how a resolver works..  A resolver walks down the tree from root talking to the authoritative servers for each domain directly until it gets to the one you're doing the query in..  How would that work with dnscrypt?  Every single name server on the planet would have to use dnscrypt.

      You could put unbound in forwarder mode..  But not sure why not just use the normal forwarder if you're just going to talk to some server via dnscrypt.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • P
        Pistolero
        last edited by Nov 30, 2015, 9:14 PM

        Thank you for your reply.

        I'm using Unbound as pfBlocker now comes with a DNSBL which only works with Unbound. Before pfBlockerNG 2.0, I happily used DNSCrypt with the forwarder.

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Nov 30, 2015, 9:35 PM

          And again unbound is a different animal..  You could use it in forwarder mode, and forward it to something that is using dnscrypt..  I personally just don't buy dnscrypt at all..  if you're worried about hiding your traffic from your isp, use a vpn tunnel.  While it helps you know you're getting your answer from the dns server you wanted to talk to.. Who says that dns server information is actually valid?

          I personally would just run a resolver and get the info straight from the owning server for what I am looking up, hopefully they are running dnssec and I know for sure the info they give me is the info they want to give me, etc..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
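
The forwarder-mode setup described in the post above, as an added example that is not from either poster or from Netgate: Unbound keeps answering clients but hands every query to a local DNSCrypt proxy instead of walking the tree from the root. The listen address and port of the proxy (127.0.0.1, 5353) are assumptions made for this sketch.

```conf
# Unbound custom options (added example; not part of the original thread).
# Assumption: the DNSCrypt proxy listens on 127.0.0.1 port 5353. It must not
# share an address:port pair with Unbound's own listener on port 53.
server:
    # By default Unbound will not send queries to localhost addresses,
    # so a forward-addr on 127.0.0.1 is ignored unless this is set to "no".
    do-not-query-localhost: no

forward-zone:
    # "." matches every name: Unbound stops resolving from the root
    # and forwards all queries to the address below.
    name: "."
    # address@port of the local DNSCrypt proxy (assumed values).
    forward-addr: 127.0.0.1@5353
```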

          • P
            Pistolero
            last edited by Dec 7, 2015, 10:57 PM

            Thanks John.

            Your approach actually makes better sense. I'll stick with Unbound's default config.

            Thanks for the clarification.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.