my setup
nsd listening on localhost port 53530
dnscrypt-proxy listening on localhost port 40 using
both start up and run without errors
dns and dnssec works fine without dnscrypt
when i uncomment the forward-zone lines unbound is unable to start
can anyone spot where i have made an error ?
thanks Shadrock
unbound.conf
==============
server:
verbosity: 3
username: "unbound"
interface: 127.0.0.1
interface: 10.2.1.4
port: 53
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: no
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: 10.2.1.0/8 allow
directory: "/etc/unbound"
logfile: "/unbound/unbound.log"
pidfile: "/var/run/unbound.pid"
root-hints: "/etc/unbound/root.hints"
hide-identity: yes
hide-version: yes
harden-glue: yes
harden-dnssec-stripped: yes
use-caps-for-id: yes
cache-min-ttl: 3600
cache-max-ttl: 86400
prefetch: yes
prefetch-key: yes
extended-statistics: yes
num-threads: 4
msg-cache-slabs: 4
rrset-cache-slabs: 4
infra-cache-slabs: 4
key-cache-slabs: 4
rrset-cache-size: 256m
msg-cache-size: 128m
private-address: 10.0.0.0/8
private-address: 172.16.0.0/12
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-domain: "mydomain.co.uk"
unwanted-reply-threshold: 10000
do-not-query-localhost: no
trust-anchor-file: "trusted-key.key"
val-clean-additional: yes
# forward-zone:
# name: "."
# forward-addr: 127.0.0.1@40
# This local-zone line will tell unbound that private addresses like
# 10.2.1.0/8 can send queries to a stub zone authoritative server
like NSD.
local-zone: "10.in-addr.arpa." nodefault
# FORWARD lookup stub zone pointing to the NSD authoritative server.
#
stub-zone:
name: "mydomain.co.uk"
stub-addr: 127.0.0.1@53530
# REVERSE (rDNS) dns lookup for the mydomain.co.uk zone.
stub-zone:
name: "1.2.10.in-addr.arpa."
stub-addr: 127.0.0.1@53530
## unbound.conf
