On 12/20/2015 03:47 PM, Green Dream wrote:
Weasel and velope on #tor-project suggested that I remove DNSCrypt entirely and let Unbound be a recursive resolver against the root DNS servers, which I have now done.
Jesse would you mind sharing how you configured this?
Certainly. My configuration files are here: https://gist.github.com/Jesse-V/66fe794bf1b9e4ccf852 Unbound does most of the hard work already and by default queries authoritative DNS servers. My configuration is based on the manpage, Fedora's default Unbound configuration, and the optimization suggestions on the Arch wiki. However, the Gist above is for Ubuntu 14.04, so feel free to merge and adapt it with your distribution.
I just realized that the word "Unbound" is the opposite of "BIND", the default DNS software. How clever of them.