I have dnscrypt running. That is the good part. The plan is to get the resolver running on 127.0.0.2, then use unbound to set up a resolver on 10.8.0.1 for openvpn. Here is the problem. Though I set up dnscrypt to use 127.0.0.2, which does work, it also works on 127.0.0.1, which will conflict with unbound's default. (Unbound issues an error message when started, so the problem is real.) So the question is just how is 127.0.0.1 being used for DNS?
First the proof:
Code:
# hostip -r 127.0.0.1 cnn.com
151.101.193.67
151.101.65.67
151.101.129.67
151.101.1.67
# hostip -r 127.0.0.2 cnn.com
151.101.129.67
151.101.193.67
151.101.65.67
151.101.1.67
The relevant part of rc.conf:
Code:
dnscrypt_proxy_enable="YES"
dnscrypt_proxy_resolver="cs-uswest2"
dnscrypt_proxy_pidfile="/var/run/dnscrypt-proxy.pid"
dnscrypt_proxy_logfile="/var/log/dnscrypt-proxy.log"
ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"
dnscrypt_proxy_flags='-a 127.0.0.2'
local_unbound_enable="YES"
Note that local_unbound is not running.
Code:
# service local_unbound status
local_unbound is not running.
Here is the error message from unbound, but the port actually is in use, so it is not really an error:
Code:
# service local_unbound start
Starting local_unbound.
[1500687204] unbound[3923:0] error: bind: address already in use
[1500687204] unbound[3923:0] fatal error: could not open ports
/etc/rc.d/local_unbound: WARNING: failed to start local_unbound
Here is where I declare the nameserver on 127.0.0.2:
Code:
# cat resolv.conf
nameserver 127.0.0.2
# nameserver 8.8.8.8
#nameserver 8.8.8.4
#nameserver 208.67.222.222
#nameserver 208.67.220.220
options edns0
#
I made sure that no dnscrypt-proxy.conf is used:
Code:
# pwd
/usr/local/etc
# ls dnscrypt-proxy.*
dnscrypt-proxy.conf.example dnscrypt-proxy.conf.save
Perhaps of use:
Code:
# netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 138.68.45.241.ssh 172.58.36.119.25726 ESTABLISHED
udp4 0 0 127.0.0.2.domain *.*
udp4 0 0 10.8.0.1.domain *.*
udp4 0 0 localhost.domain *.*
Code:
# uname -a
FreeBSD peets 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9 #0: Tue Apr 11 08:48:40 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
#
So again, the mystery (at least to me) is how is DNS provided on 127.0.0.1?
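An added example, not part of the original post: a small sh/awk check over the netstat lines quoted above that lists which local addresses already hold port 53 and tests whether a given address would collide with one of them, the condition behind unbound's "address already in use". The function names `dns_binds` and `bind_conflict` are made up for this illustration, and the probe address 127.0.0.3 is a constructed value.

```shell
#!/bin/sh
# Netstat lines copied from the post above. netstat prints symbolic names:
# "domain" is port 53 and "localhost" is 127.0.0.1.
SAMPLE='tcp4 0 0 138.68.45.241.ssh 172.58.36.119.25726 ESTABLISHED
udp4 0 0 127.0.0.2.domain *.*
udp4 0 0 10.8.0.1.domain *.*
udp4 0 0 localhost.domain *.*'

# dns_binds (hypothetical helper): read netstat lines on stdin and print
# one "proto address" pair per socket whose local port is 53.
dns_binds() {
    awk '
    $1 ~ /^(udp|tcp)[46]*$/ {
        la = $4
        n = match(la, /\.[^.]*$/)        # last dot splits address from port
        if (n == 0) next
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1)
        if (port != "domain" && port != "53") next
        if (addr == "localhost") addr = "127.0.0.1"
        print $1, addr
    }'
}

# bind_conflict ADDR (hypothetical helper): exit 0 if a UDP socket in the
# netstat lines on stdin already holds ADDR:53 or the wildcard address,
# which is when a second daemon binding ADDR:53 fails.
bind_conflict() {
    dns_binds | awk -v want="$1" '
        $1 ~ /^udp/ && ($2 == want || $2 == "*") { hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

printf '%s\n' "$SAMPLE" | dns_binds
# 127.0.0.3 is a constructed address that nothing in the sample is bound to.
for a in 127.0.0.1 127.0.0.2 10.8.0.1 127.0.0.3; do
    if printf '%s\n' "$SAMPLE" | bind_conflict "$a"; then
        echo "$a:53 already bound"
    else
        echo "$a:53 free"
    fi
done
```

On FreeBSD, `sockstat -4 -l -p 53` lists the same sockets together with the command and PID that own each one, which netstat does not show.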