My guess is that I need to put the VPN DNSServer IP into the nf for ResolverName since this is the last point of exit?Ī bonus question would be why do I only need to target unbound to the already present trust-anchor-file in the unbound destination? and do I need to replace it with some key I need to generate for my machine or is that automatically done when setting up unbound? My question finally is, how would I need to set it up that I can use Unbound + DNSCrypt + DNSSEC with the VPN DNS Servers? I hope they support DNSSEC but being a VPN and about security and all I figure they do.
![how to use dnscrypt with vpn how to use dnscrypt with vpn](https://forum.gl-inet.com/uploads/default/original/2X/0/072c8acec38837e81a892175ce477a0c131ab774.png)
through unbound which sends it to DNSCrypt to be encrypted then DNSSEC checks if the origin server of the DNS is a valid one and finally I get the IP for the DNS if that is the case. From what I read so far it goes like this:ĭNS request gets managed/cached etc. Also, I am not quite sure about how DNSSEC works inbetween all those factors to validate the DNS requests. I have setup ubound successfully and also DNSSEC as well as DNSCrypt but I have some questions how I coordinate it with the VPN and its DNS Servers.
![how to use dnscrypt with vpn how to use dnscrypt with vpn](https://www.itchy.nl/static/1d6aabdd3323302bc20ed36bc4dd500f/d1b73/pihole-dns-settings-md.png)
Now, I want to use unbound along with DNSCrypt and DNSSEC. To prevent DNS leaks in the past I had an iptables rule written that only allows requests to the privateinternetaccess DNS servers, which I will now dump I suppose. I am using privateinterentaccess for a while now and the VPN is correctly setup in Networkmanager using the openvpn extension. This is not a post about an error but a polite request for somebody with a deeper understanding to explain how Unbound, DNSCrypt, and DNSSEC work with a VPN.
![how to use dnscrypt with vpn how to use dnscrypt with vpn](https://windows-cdn.softpedia.com/screenshots/thumbs/DNSCrypt-Proxy-thumb.png)
I finally got around to setup my DNS queries.