On 2016-09-08, Martin Hanson <[email protected]> wrote: > Hi, > > Since I upgraded to OBSD 6.0 I have had some problems with Unbound and > dnscrypt-proxy. > > Normally I would troubleshoot by using "dig" to request directly to > dnscrypt-proxy, but for some reason (I don't know) the "-p" option has > been removed and it is impossible to use that now.
This was removed because the version of dig(1) in base uses pledge(2) to make restrictions on system calls - in this case it only allows port 53 connections. (Technically it could be changed to use a different pledge if -p is specified, I'm not sure if this is desirable though). To use another port number, you could use /usr/local/bin/dig from the isc-bind package. > Unbound seems unable to forward requests to dnscrypt-proxy > which I have running on port 40 following the guide in the FAQ > (http://www.openbsd.org/faq/pf/example1.html#dns). I wish that example hadn't been added to the faq.
