[CentOS] Problems with dnscrypt's package from EPEL

Sat Dec 9 21:45:20 UTC 2017
C. L. Martinez <carlopmart at gmail.com>

On Sat, Dec 09, 2017 at 10:25:41PM +0100, C. L. Martinez wrote:
> On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote:
> > On 9 December 2017 at 14:04, C. L. Martinez <carlopmart at gmail.com> wrote:
> > > Hi all,
> > >
> > > I have installed dnscrypt's rpm package from the EPEL repo under CentOS 7.4 and am using unbound as a resolver. But I see constant timeouts and responses are very slow ... Using the same config in a Debian 9 virtual machine, all works OK.
> > >
> > > I think the problem is with dnscrypt's rpm package provided by EPEL. Has anyone seen similar problems?
> > >
> > 
> > Can you give some more information on what you are seeing and how you
> > have it set up? I can try to duplicate it in EPEL and/or put in bugs
> > on the package.
> > 
> > 
> 
> Of course, and thanks in advance, Stephen. My dnscrypt startup scripts use the following options:
> 
> [Service]
> Type=forking
> PIDFile=/var/run/dnscrypt-cs.pid
> ExecStart=/usr/sbin/dnscrypt-proxy \
> 	--daemonize \
> 	--user=nobody \
> 	--pidfile=/var/run/dnscrypt-cs.pid \
> 	--ephemeral-keys \
> 	--resolver-name=cs-fi \
> 	--logfile=/tmp/cs.log \
> 	--local-address=127.0.0.1:6354
> Restart=on-abort
> 
> [Service]
> Type=forking
> PIDFile=/var/run/dnscrypt-ipredator.pid
> ExecStart=/usr/sbin/dnscrypt-proxy \
> 	--daemonize \
> 	--user=nobody \
> 	--pidfile=/var/run/dnscrypt-ipredator.pid \
> 	--ephemeral-keys \
> 	--resolver-name=ipredator \
> 	--logfile=/tmp/ipredator.log \
> 	--local-address=127.0.0.1:6353
> Restart=on-abort
> 
> And unbound.conf is: 
> 
> server:
> 	interface: 127.0.0.1
> 	interface: 172.22.54.4
> 	interface: ::1
> 	port: 53
> 	do-ip6: no
> 	do-udp: yes
> 	do-tcp: yes
> 	num-threads: 1
> 
> 	access-control: 0.0.0.0/0 refuse
> 	access-control: 127.0.0.0/8 allow
> 	access-control: ::0/0 refuse
> 	access-control: ::1 allow
> 	access-control: 172.22.54.0/29 allow
> 	access-control: 172.22.55.1 allow
> 
> 	hide-identity: yes
> 	hide-version: yes
> 
> 	do-not-query-localhost: no
> 	val-permissive-mode: yes
> 	val-clean-additional: yes
> 	module-config: "validator iterator"

Oops ... sorry. There are more options in the unbound.conf file:

remote-control:
	control-enable: yes
	control-use-cert: yes
	control-interface: 127.0.0.1

forward-zone:
	name: "."
	forward-addr: 127.0.0.1@6353
	forward-addr: 127.0.0.1@6354
	forward-addr: 127.0.0.1@6355

Sorry.

-- 
Greetings,
C. L. Martinez
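
One way to narrow down timeouts in a forwarding setup like the one quoted above, as an added example that is not part of the original message: it cross-checks every unbound `forward-addr` against the `--local-address` of the dnscrypt-proxy units and times one UDP query per forwarder. The function names are hypothetical and the sample input is constructed from the quoted configuration.

```python
import re
import socket
import struct
import time

# Constructed sample input, condensed from the configuration quoted in the message.
UNITS = """\
ExecStart=/usr/sbin/dnscrypt-proxy --resolver-name=cs-fi --local-address=127.0.0.1:6354
ExecStart=/usr/sbin/dnscrypt-proxy --resolver-name=ipredator --local-address=127.0.0.1:6353
"""
UNBOUND = """\
forward-zone:
    forward-addr: 127.0.0.1@6353
    forward-addr: 127.0.0.1@6354
    forward-addr: 127.0.0.1@6355
"""

def listeners(unit_text):
    """(ip, port) pairs taken from dnscrypt-proxy --local-address options."""
    return {(ip, int(p)) for ip, p in re.findall(r"--local-address=([\d.]+):(\d+)", unit_text)}

def forwarders(conf_text):
    """(ip, port) pairs from forward-addr lines; accepts '@' or a list archive's ' at '."""
    return [(ip, int(p)) for ip, p in
            re.findall(r"^\s*forward-addr:\s*([\d.]+)(?:@| at )(\d+)", conf_text, re.M)]

def unmatched(unit_text, conf_text):
    """Forwarders that none of the listed dnscrypt-proxy instances is configured to serve."""
    have = listeners(unit_text)
    return [f for f in forwarders(conf_text) if f not in have]

def probe(ip, port, name="example.com", timeout=2.0):
    """Send one UDP A query; return round-trip seconds, or None on timeout or refusal."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    query = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(query, (ip, port))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeouts and ICMP port-unreachable both surface as OSError
            return None
        return time.monotonic() - start if reply[:2] == query[:2] else None

if __name__ == "__main__":
    for ip, port in forwarders(UNBOUND):
        rtt = probe(ip, port)
        print(f"{ip}@{port}: " + ("no answer" if rtt is None else f"{rtt * 1000:.0f} ms"))
    print("forwarders without a listed listener:", unmatched(UNITS, UNBOUND))
```

Run on the resolver host, a forwarder that prints "no answer" is one unbound will keep retrying, which shows up to clients as slow responses and timeouts.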