Not sure if this is a factor yet, but your forwardzone is looking for 3 ports but only 2 ports are configured in the systemd startup.. so are 1/3 of all lookups going to fail? Or is the 6355 a 'given' (aka it will be set up whether 6353 and 6354 are setup?) On 9 December 2017 at 16:45, C. L. Martinez <carlopmart at gmail.com> wrote: > On Sat, Dec 09, 2017 at 10:25:41PM +0100, C. L. Martinez wrote: >> On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote: >> > On 9 December 2017 at 14:04, C. L. Martinez <carlopmart at gmail.com> wrote: >> > > Hi all, >> > > >> > > I have installed dnscrypt's rpm package from EPEL repo under a CentOS 7.4 and using unbound as a resolver. But, I see constant timeouts and responses are very slow ... Using same config in a Debian 9 virtual machine, all works ok. >> > > >> > > I think the problem is with dnscrypt's rpm package provided by EPEL. Anyone have seen similar problems? >> > > >> > >> > Can you give some more information on what you are seeing and how you >> > have it set up? I can try to duplicate it in EPEL and/or put in bugs >> > on the package. >> > >> > >> >> Of course and thanks in advance Stephen. My dnscrypt startup scripts use the following options: >> >> [Service] >> Type=forking >> PIDFile=/var/run/dnscrypt-cs.pid >> ExecStart=/usr/sbin/dnscrypt-proxy \ >> --daemonize \ >> --user=nobody \ >> --pidfile=/var/run/dnscrypt-cs.pid \ >> --ephemeral-keys \ >> --resolver-name=cs-fi \ >> --logfile=/tmp/cs.log \ >> --local-address=127.0.0.1:6354 >> Restart=on-abort >> >> [Service] >> Type=forking >> PIDFile=/var/run/dnscrypt-ipredator.pid >> ExecStart=/usr/sbin/dnscrypt-proxy \ >> --daemonize \ >> --user=nobody \ >> --pidfile=/var/run/dnscrypt-ipredator.pid \ >> --ephemeral-keys \ >> --resolver-name=ipredator \ >> --logfile=/tmp/ipredator.log \ >> --local-address=127.0.0.1:6353 >> Restart=on-abort >> >> And unbound.conf is: >> >> server: >> interface: 127.0.0.1 >> interface: 172.22.54.4 >> interface: ::1 >> port: 53 >> do-ip6: no >> do-udp: yes >> do-tcp: yes >> num-threads: 1 >> >> access-control: 0.0.0.0/0 refuse >> access-control: 127.0.0.0/8 allow >> access-control: ::0/0 refuse >> access-control: ::1 allow >> access-control: 172.22.54.0/29 allow >> access-control: 172.22.55.1 allow >> >> hide-identity: yes >> hide-version: yes >> >> do-not-query-localhost: no >> val-permissive-mode: yes >> val-clean-additional: yes >> module-config: "validator iterator" > > Oops .. sorry. There are more options in unbound.conf's file: > > remote-control: > control-enable: yes > control-use-cert: yes > control-interface: 127.0.0.1 > > forward-zone: > name: "." > forward-addr: 127.0.0.1 at 6353 > forward-addr: 127.0.0.1 at 6354 > forward-addr: 127.0.0.1 at 6355 > > Sorry. > > -- > Greetings, > C. L. Martinez > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos -- Stephen J Smoogen.