Re: [CentOS] Problems with dnscrypt's package from EPEL

On Sat, Dec 09, 2017 at 10:25:41PM +0100, C. L. Martinez wrote:

On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote:

...

On 9 December 2017 at 14:04, C. L. Martinez carlopmart@gmail.com wrote:

...

Hi all,

I have installed dnscrypt's rpm package from EPEL repo under a CentOS 7.4 and using unbound as a resolver. But, I see constant timeouts and responses are very slow ... Using same config in a Debian 9 virtual machine, all works ok.

I think the problem is with dnscrypt's rpm package provided by EPEL. Anyone have seen similar problems?

Can you give some more information on what you are seeing and how you have it set up? I can try to duplicate it in EPEL and/or put in bugs on the package.

Of course and thanks in advance Stephen. My dnscrypt startup scripts use the following options:

[Service] Type=forking PIDFile=/var/run/dnscrypt-cs.pid ExecStart=/usr/sbin/dnscrypt-proxy \ --daemonize \ --user=nobody \ --pidfile=/var/run/dnscrypt-cs.pid \ --ephemeral-keys \ --resolver-name=cs-fi \ --logfile=/tmp/cs.log \ --local-address=127.0.0.1:6354 Restart=on-abort

[Service] Type=forking PIDFile=/var/run/dnscrypt-ipredator.pid ExecStart=/usr/sbin/dnscrypt-proxy \ --daemonize \ --user=nobody \ --pidfile=/var/run/dnscrypt-ipredator.pid \ --ephemeral-keys \ --resolver-name=ipredator \ --logfile=/tmp/ipredator.log \ --local-address=127.0.0.1:6353 Restart=on-abort

And unbound.conf is:

server: interface: 127.0.0.1 interface: 172.22.54.4 interface: ::1 port: 53 do-ip6: no do-udp: yes do-tcp: yes num-threads: 1

access-control: 0.0.0.0/0 refuse access-control: 127.0.0.0/8 allow access-control: ::0/0 refuse access-control: ::1 allow access-control: 172.22.54.0/29 allow access-control: 172.22.55.1 allow

hide-identity: yes hide-version: yes

do-not-query-localhost: no val-permissive-mode: yes val-clean-additional: yes module-config: "validator iterator"

Oops .. sorry. There are more options in unbound.conf's file:

remote-control: control-enable: yes control-use-cert: yes control-interface: 127.0.0.1

forward-zone: name: "." forward-addr: 127.0.0.1@6353 forward-addr: 127.0.0.1@6354 forward-addr: 127.0.0.1@6355

Sorry.