On 09/27/2016 04:39 PM, pa011 wrote:
Yes I know Tristan -Thank you for reminding (a quick good tutorial would make change easier)
here's just an example how i have it setup:
on ubuntu:

    apt install unbound dnscrypt-proxy

add this to /etc/rc.local:

    /usr/sbin/dnscrypt-proxy -a 127.0.0.1:40 -u _dnscrypt-proxy -d -l /dev/null -R dnscrypt.eu-nl
    /usr/sbin/dnscrypt-proxy -a 127.0.0.1:41 -u _dnscrypt-proxy -d -l /dev/null -R dnscrypt.org-fr
    /usr/sbin/dnscrypt-proxy -a 127.0.0.1:42 -u _dnscrypt-proxy -d -l /dev/null -R dnscrypt.eu-dk
edit /etc/unbound/unbound.conf:

    server:
        interface: 127.0.0.1
        do-ip6: no
        verbosity: 1
        do-not-query-localhost: no

        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow

        hide-identity: yes
        hide-version: yes

        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        # get a fresh copy from time to time from here:
        # ftp://FTP.INTERNIC.NET/domain/named.cache
        root-hints: "/var/lib/unbound/root.hints"

    remote-control:
        control-enable: yes
        control-use-cert: no
        control-interface: /var/run/unbound.sock

    forward-zone:
        name: "."
        forward-addr: 127.0.0.1@40 # dnscrypt-proxy
        forward-addr: 127.0.0.1@41 # dnscrypt-proxy 2
        forward-addr: 127.0.0.1@42 # dnscrypt-proxy 3
change your /etc/resolv.conf:

    nameserver 127.0.0.1
for unbound: "auto-trust-anchor-file" and "auto-trust-anchor-file" is for enabling DNSSEC. it's optional. you'd have to fetch the file root-hints. "unbound-anchor" can take care of the auto-trust-anchor-file.
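
A small lint for the unbound.conf above, added here as an example and not part of the original message: it checks the three settings the forwarding depends on (loopback-only forward-addr entries, do-not-query-localhost set to no, and access-control that allows only loopback clients). The function names and the sample text are constructed for illustration, and a single forward-zone is assumed.

```python
import ipaddress

# Constructed sample: the forwarding-relevant lines of the unbound.conf above.
SAMPLE_CONF = """\
server:
    interface: 127.0.0.1
    do-not-query-localhost: no
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@40 # dnscrypt-proxy
    forward-addr: 127.0.0.1@41 # dnscrypt-proxy 2
    forward-addr: 127.0.0.1@42 # dnscrypt-proxy 3
"""

def parse(conf):
    """Yield (clause, key, value); comments and blank lines are dropped."""
    clause = None
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        value = value.strip().strip('"')
        if key and not value:      # "server:", "forward-zone:" open a clause
            clause = key
        elif key:
            yield clause, key.strip(), value

def lint(conf):
    """Return findings for a forward-everything-to-local-dnscrypt-proxy setup."""
    items, findings = list(parse(conf)), []
    get = lambda clause, key: [v for c, k, v in items if (c, k) == (clause, key)]
    forwards = get("forward-zone", "forward-addr")
    if not forwards:
        findings.append("no forward-addr: unbound resolves by itself over plain DNS")
    for addr in forwards:
        if not ipaddress.ip_address(addr.split("@")[0]).is_loopback:
            findings.append(f"forward-addr {addr} is not a local dnscrypt-proxy listener")
    # Default is "yes", which makes unbound skip forwarders on 127.0.0.0/8.
    if forwards and get("server", "do-not-query-localhost")[-1:] != ["no"]:
        findings.append("do-not-query-localhost must be 'no' to forward to 127.0.0.1")
    for rule in get("server", "access-control"):
        net, action = rule.split()
        if action.startswith("allow") and not ipaddress.ip_network(net).is_loopback:
            findings.append(f"access-control {rule}: resolver answers non-local clients")
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE_CONF) or "ok")
```

To check a live file, pass its contents instead of the sample: `lint(open("/etc/unbound/unbound.conf").read())`.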