Sent from my iPhone

> On Sep 8, 2016, at 5:49 PM, Martin Hanson <[email protected]> wrote:
>
> Hi,
>
> Since I upgraded to OBSD 6.0 I have had some problems with Unbound and dnscrypt-proxy.
>
> Normally I would troubleshoot by using "dig" to request directly to dnscrypt-proxy, but for some reason (I don't know) the "-p" option has been removed and it is impossible to use that now.
>
> Unbound seems unable to forward requests to dnscrypt-proxy which I have running on port 40 following the guide in the FAQ (http://www.openbsd.org/faq/pf/example1.html#dns).
>
> In my unbound.conf I have the following:
>
> forward-addr: 127.0.0.1@40
>
> Then in my /etc/rc.conf.local I have:
>
> dnscrypt_proxy_flags=-l /var/log/dnscrypt-proxy -R fvz-rec-de-fra-01 -a 127.0.0.1:40
> pkg_scripts="dnscrypt_proxy"
>
> When I do a "dig yahoo.com" I get the following:
>
> ;yahoo.com. IN A
>
> No IP. And a ping also returns:
>
> ping: unknown host: yahoo.com
>
> Of course I have tested other hosts as well, same result.
>
> I am getting no information in the logs.
>
> If I have unbound forward directly to an OpenNIC server all works well again so the trouble is between unbound and dnscrypt-proxy.
>
> This used to work flawlessly, but since the "-p" option has been removed from "dig" it's very difficult to debug dnscrypt-proxy without having PF doing redirects and what not.
>
> How to troubleshoot this problem better?
>
> Kind regards

Possibly try netcat listening on 40 and see if it's making its way to the proxy. If it isn't, unbound is to blame. If it is, then the proxy is guilty.
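
Added example, not part of the original thread: a stand-in UDP listener for the port from the quoted `forward-addr` line that goes one step beyond a raw netcat dump by decoding each incoming DNS question, so it is obvious whether unbound is forwarding the lookups. The function names and the sample packet are constructed for illustration; it assumes dnscrypt-proxy is stopped so the port is free, and that the script runs as root because port 40 is privileged.

```python
import socket
import struct
import sys

def parse_query(packet):
    """Return (txid, qname, qtype) for the first question of a DNS query."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000:
        raise ValueError("QR bit set: a response, not a query")
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:          # root label ends the name
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad or truncated label in question")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated qtype/qclass")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels) + ".", qtype

def listen(addr="127.0.0.1", port=40):
    # Stand-in for the proxy: receives and logs queries, never answers them.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((addr, port))
    print(f"waiting for DNS queries on {addr}:{port} (Ctrl-C to stop)")
    while True:
        packet, peer = sock.recvfrom(4096)
        try:
            txid, qname, qtype = parse_query(packet)
            print(f"{peer[0]}:{peer[1]} id={txid:#06x} qname={qname} qtype={qtype}")
        except ValueError as err:
            print(f"{peer[0]}:{peer[1]} not a DNS query: {err}")

# Constructed sample: a recursive query for yahoo.com, type A (1), class IN.
SAMPLE = (bytes.fromhex("1a2b01000001000000000000")
          + b"\x05yahoo\x03com\x00" + bytes.fromhex("00010001"))

if __name__ == "__main__":
    listen(port=int(sys.argv[1]) if len(sys.argv) > 1 else 40)
```

With the listener running, a lookup through unbound should print one line per forwarded query; lookups will still time out because nothing replies. No output at all means the query never left unbound for 127.0.0.1 port 40 over UDP.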

