[CentOS] Problems with dnscrypt's package from EPEL
Stephen John Smoogen
smooge at gmail.com
Sun Dec 10 20:10:45 UTC 2017
Not sure if this is a factor yet, but your forwardzone is looking for
3 ports but only 2 ports are configured in the systemd startup.. so
are 1/3 of all lookups going to fail? Or is the 6355 a 'given' (aka it
will be set up whether 6353 and 6354 are setup?)
On 9 December 2017 at 16:45, C. L. Martinez <carlopmart at gmail.com> wrote:
> On Sat, Dec 09, 2017 at 10:25:41PM +0100, C. L. Martinez wrote:
>> On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote:
>> > On 9 December 2017 at 14:04, C. L. Martinez <carlopmart at gmail.com> wrote:
>> > > Hi all,
>> > >
>> > > I have installed dnscrypt's rpm package from EPEL repo under a CentOS 7.4 and using unbound as a resolver. But, I see constant timeouts and responses are very slow ... Using same config in a Debian 9 virtual machine, all works ok.
>> > >
>> > > I think the problem is with dnscrypt's rpm package provided by EPEL. Anyone have seen similar problems?
>> > >
>> >
>> > Can you give some more information on what you are seeing and how you
>> > have it set up? I can try to duplicate it in EPEL and/or put in bugs
>> > on the package.
>> >
>> >
>>
>> Of course and thanks in advance Stephen. My dnscrypt startup scripts use the following options:
>>
>> [Service]
>> Type=forking
>> PIDFile=/var/run/dnscrypt-cs.pid
>> ExecStart=/usr/sbin/dnscrypt-proxy \
>> --daemonize \
>> --user=nobody \
>> --pidfile=/var/run/dnscrypt-cs.pid \
>> --ephemeral-keys \
>> --resolver-name=cs-fi \
>> --logfile=/tmp/cs.log \
>> --local-address=127.0.0.1:6354
>> Restart=on-abort
>>
>> [Service]
>> Type=forking
>> PIDFile=/var/run/dnscrypt-ipredator.pid
>> ExecStart=/usr/sbin/dnscrypt-proxy \
>> --daemonize \
>> --user=nobody \
>> --pidfile=/var/run/dnscrypt-ipredator.pid \
>> --ephemeral-keys \
>> --resolver-name=ipredator \
>> --logfile=/tmp/ipredator.log \
>> --local-address=127.0.0.1:6353
>> Restart=on-abort
>>
>> And unbound.conf is:
>>
>> server:
>> interface: 127.0.0.1
>> interface: 172.22.54.4
>> interface: ::1
>> port: 53
>> do-ip6: no
>> do-udp: yes
>> do-tcp: yes
>> num-threads: 1
>>
>> access-control: 0.0.0.0/0 refuse
>> access-control: 127.0.0.0/8 allow
>> access-control: ::0/0 refuse
>> access-control: ::1 allow
>> access-control: 172.22.54.0/29 allow
>> access-control: 172.22.55.1 allow
>>
>> hide-identity: yes
>> hide-version: yes
>>
>> do-not-query-localhost: no
>> val-permissive-mode: yes
>> val-clean-additional: yes
>> module-config: "validator iterator"
>
> Oops .. sorry. There are more options in unbound.conf's file:
>
> remote-control:
> control-enable: yes
> control-use-cert: yes
> control-interface: 127.0.0.1
>
> forward-zone:
> name: "."
> forward-addr: 127.0.0.1 at 6353
> forward-addr: 127.0.0.1 at 6354
> forward-addr: 127.0.0.1 at 6355
>
> Sorry.
>
> --
> Greetings,
> C. L. Martinez
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
--
Stephen J Smoogen.
More information about the CentOS
mailing list