Hello,

I am using unbound from Git version: 1.6.9 and have compiled it with --enable-dnscrypt. This is my unbound.conf setup:

# unbound.conf for a local subnet.
#
server:
    interface: 0.0.0.0
    interface: ::0
    access-control: 192.168.0.0/16 allow
    access-control: ::1 allow
    # DNSCRYPT server: #######
    interface: 0.0.0.0@443
    interface: ::0@443
    directory: "/usr/local/etc/unbound"
    chroot: ""
    username: ""
    verbosity:0
    num-threads: 1
    prefetch:yes
    prefetch-key:yes
    use-syslog:no
    do-ip6: no
    so-reuseport: yes
    module-config: "validator iterator"
    do-not-query-localhost: no
    # file to read root hints from.
    #get one from ftp://FTP.INTERNIC.NET/domain/
    root-hints: "/usr/local/etc/unbound/named.cache"
    ############################################################
    include: "/usr/local/etc/unbound/unbound_ad_servers"
    #update the above file by using below command as root :
    #curl -sS -L --compressed "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext" > /usr/local/etc/unbound/unbound_ad_servers
    logfile: "/usr/local/etc/unbound/unbound.log"
    log-time-ascii:yes
    ####################################################
    #auto-trust-anchor-file: "/usr/local/etc/unbound/root.key" #root key file, automatically updated##### remove # only for DNSSEC capable dns servers ##########
    ####################################################
#Remote control config section.
remote-control:
    # Enable remote control with unbound-control(8) here.
    # set up the keys and certificates with unbound-control-setup.
    control-enable:yes
######DNSCRYPT############
dnscrypt:
    dnscrypt-enable:yes
    dnscrypt-port:443
    dnscrypt-provider:2.dnscrypt-cert.cryptostorm.is.
    dnscrypt-secret-key:/usr/local/etc/unbound/1.key
    dnscrypt-provider-cert:/usr/local/etc/unbound/1.cert
forward-zone:
    name: "."
    forward-addr:5.101.137.251
###############################

The only line I see in my unbound.log where dnscrypt is mentioned is this line, which is repeated occasionally:

Jan 23 05:35:12 unbound[32581:0] notice: DNSCrypt: Freeing environment.

If I use the above unbound.conf and look on the website https://whoer.net/ it shows my own ISP IP address correctly and DNS 5.101.137.251 correctly, which belongs to dnscrypt-provider:2.dnscrypt-cert.cryptostorm.is.

If I change it to:

#forward-zone:
#    name: "."
#forward-addr:5.101.137.251

my DNS address then shows my own ISP DNS, but I presume it should show 5.101.137.251 if dnscrypt was working correctly.

If I change it to:

#dnscrypt:
#    dnscrypt-enable:yes
#dnscrypt-port:443
#dnscrypt-provider:2.dnscrypt-cert.cryptostorm.is.
#dnscrypt-secret-key:/usr/local/etc/unbound/1.key
#dnscrypt-provider-cert:/usr/local/etc/unbound/1.cert
forward-zone:
    name: "."
    forward-addr:

my DNS address then shows again as 5.101.137.251.

Can I presume dnscrypt is not working correctly, and are there any suggestions as to how I can get it to work please?

thanks
Peter
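
A consistency check for the dnscrypt: clause in the configuration above, as an added example that is not part of the original post or of Unbound itself. unbound.conf(5) notes that dnscrypt-port needs a matching interface line in the server: clause, so the script parses a constructed excerpt of the posted options and reports whether one exists; the function names, the default of port 53, and the treatment of the three provider options as required are assumptions of this example.

```python
# Constructed excerpt of the options posted above (not the full file).
SAMPLE_CONF = """
server:
    interface: 0.0.0.0
    interface: 0.0.0.0@443
    interface: ::0@443
dnscrypt:
    dnscrypt-enable:yes
    dnscrypt-port:443
    dnscrypt-provider:2.dnscrypt-cert.cryptostorm.is.
    dnscrypt-secret-key:/usr/local/etc/unbound/1.key
    dnscrypt-provider-cert:/usr/local/etc/unbound/1.cert
forward-zone:
    name: "."
    forward-addr:5.101.137.251
"""
CLAUSES = {"server", "remote-control", "dnscrypt", "forward-zone"}

def parse_conf(text):
    """Return {clause: [(option, value), ...]}; '#' starts a comment."""
    clauses, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")  # first colon only, so ::0 survives
        key, value = key.strip(), value.strip().strip('"')
        if not value and key in CLAUSES:
            current = key
            clauses.setdefault(current, [])
        elif current is not None:
            clauses[current].append((key, value))
    return clauses

def listen_ports(clauses):
    """Ports named by interface lines; assumes 53 when no @port is given."""
    values = [v for k, v in clauses.get("server", []) if k == "interface"]
    return {int(v.partition("@")[2] or 53) for v in values}

def check_dnscrypt(clauses):
    """Return findings for the dnscrypt clause; an empty list means consistent."""
    opts = dict(clauses.get("dnscrypt", []))
    if opts.get("dnscrypt-enable") != "yes":
        return ["dnscrypt clause absent or not enabled"]
    findings = []
    port = opts.get("dnscrypt-port")
    if port is None or int(port) not in listen_ports(clauses):
        findings.append(f"no server interface listens on dnscrypt-port {port}")
    for needed in ("dnscrypt-provider", "dnscrypt-secret-key", "dnscrypt-provider-cert"):
        if needed not in opts:  # assumption: all three are needed to serve DNSCrypt
            findings.append(f"missing {needed}")
    return findings
```

Running `check_dnscrypt(parse_conf(SAMPLE_CONF))` on the excerpt returns an empty list: the listener side of the posted configuration is internally consistent, which is all this check covers.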
