[CentOS] Problems with dnscrypt's package from EPEL

Sun Dec 10 20:10:45 UTC 2017
Stephen John Smoogen <smooge at gmail.com>

Not sure if this is a factor yet, but your forwardzone is looking for
3 ports but only 2 ports are configured in the systemd startup.. so
are 1/3 of all lookups going to fail? Or is the 6355 a 'given' (aka it
will be set up whether 6353 and 6354 are set up?)

On 9 December 2017 at 16:45, C. L. Martinez <carlopmart at gmail.com> wrote:
> On Sat, Dec 09, 2017 at 10:25:41PM +0100, C. L. Martinez wrote:
>> On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote:
>> > On 9 December 2017 at 14:04, C. L. Martinez <carlopmart at gmail.com> wrote:
>> > > Hi all,
>> > >
>> > >  I have installed dnscrypt's rpm package from EPEL repo under a CentOS 7.4 and using unbound as a resolver. But, I see constant timeouts and responses are very slow ... Using same config in a Debian 9 virtual machine, all works ok.
>> > >
>> > >  I think the problem is with dnscrypt's rpm package provided by EPEL. Has anyone seen similar problems?
>> > >
>> >
>> > Can you give some more information on what you are seeing and how you
>> > have it set up? I can try to duplicate it in EPEL and/or put in bugs
>> > on the package.
>> >
>> >
>>
>> Of course and thanks in advance Stephen. My dnscrypt startup scripts use the following options:
>>
>> [Service]
>> Type=forking
>> PIDFile=/var/run/dnscrypt-cs.pid
>> ExecStart=/usr/sbin/dnscrypt-proxy \
>>       --daemonize \
>>       --user=nobody \
>>       --pidfile=/var/run/dnscrypt-cs.pid \
>>       --ephemeral-keys \
>>       --resolver-name=cs-fi \
>>       --logfile=/tmp/cs.log \
>>       --local-address=127.0.0.1:6354
>> Restart=on-abort
>>
>> [Service]
>> Type=forking
>> PIDFile=/var/run/dnscrypt-ipredator.pid
>> ExecStart=/usr/sbin/dnscrypt-proxy \
>>       --daemonize \
>>       --user=nobody \
>>       --pidfile=/var/run/dnscrypt-ipredator.pid \
>>       --ephemeral-keys \
>>       --resolver-name=ipredator \
>>       --logfile=/tmp/ipredator.log \
>>       --local-address=127.0.0.1:6353
>> Restart=on-abort
>>
>> And unbound.conf is:
>>
>> server:
>>       interface: 127.0.0.1
>>       interface: 172.22.54.4
>>       interface: ::1
>>       port: 53
>>       do-ip6: no
>>       do-udp: yes
>>       do-tcp: yes
>>       num-threads: 1
>>
>>       access-control: 0.0.0.0/0 refuse
>>       access-control: 127.0.0.0/8 allow
>>       access-control: ::0/0 refuse
>>       access-control: ::1 allow
>>       access-control: 172.22.54.0/29 allow
>>       access-control: 172.22.55.1 allow
>>
>>       hide-identity: yes
>>       hide-version: yes
>>
>>       do-not-query-localhost: no
>>       val-permissive-mode: yes
>>       val-clean-additional: yes
>>       module-config: "validator iterator"
>
> Oops .. sorry. There are more options in unbound.conf's file:
>
> remote-control:
>         control-enable: yes
>         control-use-cert: yes
>         control-interface: 127.0.0.1
>
> forward-zone:
>         name: "."
>         forward-addr: 127.0.0.1@6353
>         forward-addr: 127.0.0.1@6354
>         forward-addr: 127.0.0.1@6355
>
> Sorry.
>
> --
> Greetings,
> C. L. Martinez



-- 
Stephen J Smoogen.
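
The cross-check raised in the reply above, as an added example that is not part of the original thread: it compares unbound's forward-addr entries with the --local-address of each dnscrypt-proxy unit and lists the forwarders that have no listener. The embedded configuration is a constructed, abridged copy of what was quoted; the unit file names and function names are assumptions.

```python
import re

# Constructed sample, abridged from the configuration quoted in the thread.
UNBOUND_CONF = """\
forward-zone:
        name: "."
        forward-addr: 127.0.0.1@6353
        forward-addr: 127.0.0.1@6354
        forward-addr: 127.0.0.1@6355
"""

# Unit file names are hypothetical; the thread does not give them.
UNIT_FILES = {
    "dnscrypt-cs.service": """\
[Service]
ExecStart=/usr/sbin/dnscrypt-proxy \\
      --resolver-name=cs-fi \\
      --local-address=127.0.0.1:6354
""",
    "dnscrypt-ipredator.service": """\
[Service]
ExecStart=/usr/sbin/dnscrypt-proxy \\
      --resolver-name=ipredator \\
      --local-address=127.0.0.1:6353
""",
}

def forward_addrs(conf):
    """(ip, port) for every forward-addr line; unbound writes IP@PORT, default 53."""
    found = []
    for line in conf.splitlines():
        m = re.match(r"\s*forward-addr:\s*([0-9A-Fa-f:.]+)(?:@(\d+))?", line)
        if m:
            found.append((m.group(1), int(m.group(2) or 53)))
    return found

def local_addresses(unit_text):
    """(ip, port) for every --local-address=IP:PORT option in a unit file."""
    pairs = re.findall(r"--local-address=([0-9.]+):(\d+)", unit_text)
    return [(ip, int(port)) for ip, port in pairs]

def unmatched_forwarders(conf, units):
    """Forwarders in unbound.conf that no dnscrypt-proxy unit listens on."""
    listeners = {addr for text in units.values() for addr in local_addresses(text)}
    return [addr for addr in forward_addrs(conf) if addr not in listeners]

if __name__ == "__main__":
    for ip, port in unmatched_forwarders(UNBOUND_CONF, UNIT_FILES):
        print(f"forward-addr {ip}@{port}: no dnscrypt-proxy --local-address matches")
```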