On Sat, Dec 09, 2017 at 10:25:41PM +0100, C. L. Martinez wrote: > On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote: > > On 9 December 2017 at 14:04, C. L. Martinez <carlopmart at gmail.com> wrote: > > > Hi all, > > > > > > I have installed dnscrypt's rpm package from EPEL repo under a CentOS 7.4 and using unbound as a resolver. But, I see constant timeouts and responses are very slow ... Using same config in a Debian 9 virtual machine, all works ok. > > > > > > I think the problem is with dnscrypt's rpm package provided by EPEL. Anyone have seen similar problems? > > > > > > > Can you give some more information on what you are seeing and how you > > have it set up? I can try to duplicate it in EPEL and/or put in bugs > > on the package. > > > > > > Of course and thanks in advance Stephen. My dnscrypt startup scripts use the following options: > > [Service] > Type=forking > PIDFile=/var/run/dnscrypt-cs.pid > ExecStart=/usr/sbin/dnscrypt-proxy \ > --daemonize \ > --user=nobody \ > --pidfile=/var/run/dnscrypt-cs.pid \ > --ephemeral-keys \ > --resolver-name=cs-fi \ > --logfile=/tmp/cs.log \ > --local-address=127.0.0.1:6354 > Restart=on-abort > > [Service] > Type=forking > PIDFile=/var/run/dnscrypt-ipredator.pid > ExecStart=/usr/sbin/dnscrypt-proxy \ > --daemonize \ > --user=nobody \ > --pidfile=/var/run/dnscrypt-ipredator.pid \ > --ephemeral-keys \ > --resolver-name=ipredator \ > --logfile=/tmp/ipredator.log \ > --local-address=127.0.0.1:6353 > Restart=on-abort > > And unbound.conf is: > > server: > interface: 127.0.0.1 > interface: 172.22.54.4 > interface: ::1 > port: 53 > do-ip6: no > do-udp: yes > do-tcp: yes > num-threads: 1 > > access-control: 0.0.0.0/0 refuse > access-control: 127.0.0.0/8 allow > access-control: ::0/0 refuse > access-control: ::1 allow > access-control: 172.22.54.0/29 allow > access-control: 172.22.55.1 allow > > hide-identity: yes > hide-version: yes > > do-not-query-localhost: no > val-permissive-mode: yes > val-clean-additional: yes > module-config: "validator iterator" Oops .. sorry. There are more options in unbound.conf's file: remote-control: control-enable: yes control-use-cert: yes control-interface: 127.0.0.1 forward-zone: name: "." forward-addr: 127.0.0.1 at 6353 forward-addr: 127.0.0.1 at 6354 forward-addr: 127.0.0.1 at 6355 Sorry. -- Greetings, C. L. Martinez