From owner-freebsd-questions@FreeBSD.ORG Sun Nov 2 04:52:27 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AC474CBD for ; Sun, 2 Nov 2014 04:52:27 +0000 (UTC) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 65AF260C for ; Sun, 2 Nov 2014 04:52:25 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1Xkn9K-0000eu-HS for freebsd-questions@freebsd.org; Sun, 02 Nov 2014 05:52:22 +0100 Received: from dynamic34-29.dynamic.dal.ca ([129.173.34.203]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 02 Nov 2014 05:52:22 +0100 Received: from jrm by dynamic34-29.dynamic.dal.ca with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 02 Nov 2014 05:52:22 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Joseph Mingrone Subject: local_unbound and dnscrypt-proxy Date: Sun, 02 Nov 2014 01:52:08 -0300 Lines: 45 Message-ID: <86lhnup5l3.fsf@gly.ftfl.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: dynamic34-29.dynamic.dal.ca User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (berkeley-unix) Cancel-Lock: sha1:W7aU5+kOvTx9OelTPAVeLH92VsI= X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Nov 2014 04:52:27 -0000 Hi, I just upgraded to from 9-STABLE to 10-STABLE. On 9-STABLE I used dnscrypt-proxy along with unbound from ports. I'm trying to reproduce the old setup with the local_unbound included in FreeBSD 10. My current configuration is below. If I comment out «include: /var/unbound/forward.conf» from unbound.conf, resolving works, so it seems local_unbound is working OK. If I change /etc/resolv.conf to use «nameserver 127.0.0.2» (dnscrypt-proxy) instead of 127.0.0.1 (unbound) resolving works. So it seems the forwarding is not working. Am I missing something? Also, I have to comment out «unbound_conf="/var/unbound/forward.conf"» from /etc/resolvconf.conf, otherwise forward.conf gets blanked. Thanks, Joseph % cat /var/unbound/unbound.conf server: auto-trust-anchor-file: /var/unbound/root.key directory: /var/unbound do-not-query-localhost: no chroot: /var/unbound pidfile: /var/run/local_unbound.pid username: unbound use-syslog: yes verbosity: 1 #include: /var/unbound/forward.conf include: /var/unbound/lan-zones.conf include: /var/unbound/conf.d/*.conf % cat /var/unbound/forward.conf forward-zone: name: "." forward-addr: 127.0.0.2@53 % cat /etc/resolvconf.conf resolv_conf="/dev/null" # prevent updating /etc/resolv.conf #unbound_conf="/var/unbound/forward.conf" unbound_pid="/var/run/local_unbound.pid" unbound_service="local_unbound" unbound_restart="service local_unbound reload"