problem with ssl-upstream and vpn connection

vigilian.pirates at gmail.com vigilian.pirates at gmail.com
Wed May 1 14:18:21 CEST 2019


Hi,

 �

I recently wanted to setup unbound in place of dnscrypt to resolve queries with my pi-hole on my rasp. 

 �

The version of unbound available on Raspbian is 1.6.0 currently.

 �

When activating the options 

 �

 � � � ssl-upstream: yes

 � � � ssl-service-key: "/etc/ssl/certs/ca-certificates.crt"

 �

unbound stopped working and we have something like this in the logs:

 �

[1556709926] unbound[4394:0] info: server stats for thread 0: 23 queries, 7 answers from cache, 16 recursions, 0 prefetch

[1556709926] unbound[4394:0] info: server stats for thread 0: requestlist max 13 avg 1.875 exceeded 0 jostled 0

[1556709926] unbound[4394:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 16 recursion replies sent, 0 replies dropped, 0 states jostled out

[1556709926] unbound[4394:0] info: average recursion processing time 0.948223 sec

[1556709926] unbound[4394:0] info: histogram of recursion processing times

[1556709926] unbound[4394:0] info: [25%]=0.32768 median[50%]=0.603573 [75%]=0.920715

[1556709926] unbound[4394:0] info: lower(secs) upper(secs) recursions

[1556709926] unbound[4394:0] info: � � � 0.000000 � � � 0.000001 1

[1556709926] unbound[4394:0] info: � � � 0.008192 � � � 0.016384 1

[1556709926] unbound[4394:0] info: � � � 0.016384 � � � 0.032768 1

[1556709926] unbound[4394:0] info: � � � 0.262144 � � � 0.524288 4

[1556709926] unbound[4394:0] info: � � � 0.524288 � � � 1.000000 6

[1556709926] unbound[4394:0] info: � � � 1.000000 � � � 2.000000 1

[1556709926] unbound[4394:0] info: � � � 2.000000 � � � 4.000000 2

[1556709926] unbound[4394:0] debug: cache memory msg=33040 rrset=33040 infra=17292 val=40931

[1556709926] unbound[4394:0] debug: switching log to stderr

 �

 �

 �

I did also try to setup unbound to send queries through a vpn connection on the rasp itself

But I can’t resolve apparently through the vpn connection. 

I tried set it up by hardcoding the ip address from the vpn connection, same result. I tried to used udp and tcp separately, same result

 �

Am I missing something? I have connectivity through my vpn so that’s not the problem apparently. And the problem disappear as soon as I deactivate the vpn connection.

Or is all that supposed to happen in 1.6? 

 �

Does anyone have an idea about this?

 �

Thanks in advance.

 �

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://nlnetlabs.nl/pipermail/unbound-users/attachments/20190501/a8d7ca11/attachment.html>


More information about the Unbound-users mailing list