so PavelVD to my knowledge and understanding..
you run DNSCrypt via Unbound on the same port...
and it doesn't seems wright...well usually, DoT uses port 853 external and any internal you set for your loop back interface...
well i don't see any need for both of them apart of the options and settings that unbound does provide...
same set of futures and settings even more..you might have with DNScrypt v2,
and no need of unbound to run it...it still does recursive resolving as Stubby does too...if this is your goal...
Than the most interesting thing for me is, which of all above Stubby, DNScrypt, and Unbound drains less resources and provides the best and more stable/fast results...?? (all they do recursive resolving)
so far, im happy with DNSCrypt and Stubby on my units..
No, I ran Unbound on 127.0.0.1#5153, and DNSCrypt on 192.168.1.1#30. And that was for the test.
There is, apparently, a confusion: dnscrypt-proxy is NOT DNSCrypt2. Proxy is still embedded in our firmware. In combination with Unbound, it is good because it allows recursive queries (if I understand everything correctly) and encrypts them, while Unbound caches them.
I found several flaws in the current Unbound and set it aside. Switch to DNSCrypt2 from Entware. In principle, it works well, quickly, does DoH and crypt.
Actually, I would like to return to Unbound in the future. I like that not only my requests are hidden, but also the DNS server that I was accessing. I'm still looking.
It seems that I like the same as you. But I have not tried Stubby yet.
I tried 1.9.3 wired now in dd-wrt ... disappointment.
I can not get the elementary log file. It seems that everything you need is included:
Code:
logfile: "/jffs/unbound/unbound.log"
verbosity: 1 (tried from 1 to 6)
use-syslog: no
log-identity: ""
How can I check the operation of other options if the log does not work?
Has anyone managed to turn it on?
At the expense of raspberries - this is a good idea, I have been thinking about it for a long time. I have available orange_pi_pc+; maybe you can install a full Unbound on it? While it serves for other purposes. _________________ Linksys WRT1900ACSv2
Automatically adjustable temperature, always within the range of 59-68°С.
I made several more attempts to switch to Unbound, but returned to DNSCrypt2 again.
When Unbound starts, the cache is still empty and the first requests are processed for a very long time. If you just go on the Internet pages, then such delays can be tolerated. But there are several TV boxes on my network that fail, they need faster responses. Another nuisance: after a long downtime (night, for example), the cache is empty again, and it seems that there is simply no Internet. The "prefetch: yes" parameter in the settings file does not seem to correct this situation.
Please note that the file "named.cache" from the firmware is hopelessly outdated.
Joined: 03 Jan 2010 Posts: 7410 Location: YWG, Canada
Posted: Wed Apr 08, 2020 11:32 Post subject:
changing
root-hints: "/etc/unbound/named.cache"
to anything, but the default in quotes makes unbound not start.. not even changing it to the /usr/local/etc/ path the custom unbound conf is in. i cant tell if its actually using it, or the ancient default one. i did manually put a up to date named.cache in there anyway.
in attempt to use the whole root.zone locally, it does download it to /tmp on start, but again cant tell if its using it.. lookup times seem the same. _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
i have limited knowledge and i'm not familiar with your setup
i'm not certain if everything gets implemented in my setup either. it runs well for me but according to the documentation some changes are dependent on how it was installed
I can start the unbound in the setup of DD-WRT but for the life of me I can not find any info on how to use the custom setting of unbound from /jffs/unbound as oppose to the default setting, at present I using dnsmasq with great result but wish to play with unbound to see what it can do, any idea people on how to get the custom setting up running.
Joined: 03 Jan 2010 Posts: 7410 Location: YWG, Canada
Posted: Fri Apr 24, 2020 10:42 Post subject:
this is my current conf for reference.. recursion, no dnssec. still trying to understand some things like target-fetch-policy, auth zone, and why root hints cant be changed etc.
