[arch-general] unbound will not start with dnscrypt

niya levi niyalevi at gmail.com
Mon Apr 18 13:52:51 UTC 2016

my setup
nsd listening on localhost port 53530
dnscrypt-proxy listening on localhost port 40 using
both start up and run without errors
dns and dnssec works fine without dnscrypt
when i uncomment the forward-zone lines unbound is unable to start
can anyone spot where i have made an error ?

thanks Shadrock


    # unbound.conf as posted to the list. NOTE(review): no "server:" clause
    # header is visible above these options in the archived message; it was
    # presumably dropped from the post - confirm against the real file.
    verbosity: 3
    # Account unbound switches to after binding its port, so the daemon does
    # not keep running as root.
    username: "unbound"
    port: 53
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    do-daemonize: no
    # NOTE(review): access-control takes "<netblock> <action>". Only the
    # action is visible on these three lines, so the netblocks look to have
    # been stripped by the list archive. Check the real file to see which
    # networks are actually allowed to query this resolver.
    access-control: refuse
    access-control: allow
    access-control: allow
    directory: "/etc/unbound"
    logfile: "/unbound/unbound.log"
    pidfile: "/var/run/unbound.pid"
    root-hints: "/etc/unbound/root.hints"
    # Refuse identity and version queries (id.server, version.bind and the
    # like) so the resolver does not advertise what it is running.
    hide-identity: yes
    hide-version: yes
    # Only trust glue that lies within the delegating server's authority.
    harden-glue: yes
    # Trust-anchored zones must come back with DNSSEC data or they are
    # treated as bogus. With a forward-zone for "." this depends on the
    # forwarder (here dnscrypt-proxy and its upstream resolver) returning
    # DNSSEC records - verify that validation still succeeds once forwarding
    # is enabled.
    harden-dnssec-stripped: yes
    # 0x20 case randomisation of query names as an anti-spoofing measure.
    # NOTE(review): confirm the forwarder preserves query-name case.
    use-caps-for-id: yes
    # One-hour floor on cached TTLs: records are held longer than the zone
    # owner published, so upstream changes are seen late.
    cache-min-ttl: 3600
    cache-max-ttl: 86400
    prefetch: yes
    prefetch-key: yes
    extended-statistics: yes  
    num-threads: 4
    msg-cache-slabs: 4
    rrset-cache-slabs: 4
    infra-cache-slabs: 4
    key-cache-slabs: 4
    rrset-cache-size: 256m
    msg-cache-size: 128m
    # Lets this domain and its subdomains resolve to private addresses.
    private-domain: "mydomain.co.uk"
    unwanted-reply-threshold: 10000
    # Permits queries to localhost addresses. Required here because the post
    # describes both NSD (stub) and dnscrypt-proxy (forwarder) as listening
    # on localhost.
    do-not-query-localhost: no
    # Static trust anchor: unlike auto-trust-anchor-file it is not updated on
    # a key rollover. NOTE(review): the relative path is presumably resolved
    # against "directory" - confirm.
    trust-anchor-file: "trusted-key.key"
    # Strip unsigned data from the additional section of secure answers.
    val-clean-additional: yes

# Forwarder for all names (the dnscrypt-proxy instance), currently disabled.
# NOTE(review): " at 40" looks like the archive's rewrite of "<address>@40"
# with the address removed. "forward-zone:" opens a new clause, so with these
# lines enabled the "local-zone:" option further down would fall inside the
# forward-zone clause instead of the server clause. It probably has to stay
# with the server options above this point - confirm with unbound-checkconf.
#           forward-zone:
#           name: "."
#        forward-addr: at 40

   # This local-zone line will tell unbound that private addresses like
   # can send queries to a stub zone authoritative server
   # NOTE(review): the next line is the tail of the comment above, wrapped
   # by the mail client. In a real unbound.conf it needs a leading "#",
   # otherwise it is a syntax error.
like NSD.
   local-zone: "10.in-addr.arpa." nodefault

   # FORWARD lookup stub zone pointing to the NSD authoritative server.
   # NOTE(review): name:/stub-addr: are stub-zone clause options, but no
   # "stub-zone:" header is visible before this pair or the next one in the
   # archived text - presumably lost; confirm. " at 53530" is likewise the
   # archive's rewrite of "<address>@53530".
        name: "mydomain.co.uk"
        stub-addr: at 53530

   # REVERSE (rDNS) dns lookup for the mydomain.co.uk zone.
        name: "1.2.10.in-addr.arpa."
        stub-addr: at 53530

   ## unbound.conf
