I have an AP running Debian. My laptop connects to the AP and I am interested in using this AP to query DNS over Tor. My unbound config looks like this:
interface: 192.168.1.1
access-control: 192.168.1.0/24 allow
do-not-query-address: 127.0.0.1/8
do-not-query-address: ::1
#do-not-query-localhost: no
tcp-upstream: yes
do-udp: yes
do-tcp: yes
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
#forward-addr: 192.168.1.1@5353 #also tried this
#forward-addr: 0.0.0.0@5353 #and this
My torrc looks like this:
DNSPort 5353
DNSListenAddress 192.168.1.1
However, regardless of how much I try, I cannot get unbound to query Tor. When I log in to the AP, I am able to do:
tor-resolve google.com
and it works correctly. From my laptop if I try:
dig @192.168.1.1 -p 5353 google.com
It also works correctly. But if I do:
dig @192.168.1.1 -p 53 google.com
It returns empty (no error, quickly returns without an IP address). After much head banging I decided to ask here. Any help will be appreciated.
Try to add this to your unbound.conf file:
do-not-query-localhost: no
(source: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=638)
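A way to check which `forward-addr` entries fall inside ranges unbound has been told not to query, given as an added example that is not part of either post above. The function names are hypothetical, the sample is constructed from the directives in the question, and the script models only `do-not-query-address` and `do-not-query-localhost` (which defaults to `yes` and covers 127.0.0.0/8 and ::1).

```python
import ipaddress

# Constructed sample: the relevant directives from the question's unbound.conf.
QUESTION_CONF = """\
do-not-query-address: 127.0.0.1/8
do-not-query-address: ::1
#do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
#forward-addr: 192.168.1.1@5353 #also tried this
"""


def parse(conf_text):
    """Return (key, value) pairs, ignoring comments and clause headers."""
    pairs = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        key, sep, value = line.partition(":")
        if sep and value.strip():
            pairs.append((key.strip(), value.strip().strip('"')))
    return pairs


def blocked_forwarders(conf_text):
    """List (forward-addr, blocking rule) pairs that unbound will not query."""
    pairs = parse(conf_text)
    blocks = [(ipaddress.ip_network(v, strict=False), "do-not-query-address: " + v)
              for k, v in pairs if k == "do-not-query-address"]
    # do-not-query-localhost defaults to yes, which blocks 127.0.0.0/8 and ::1.
    localhost = [v for k, v in pairs if k == "do-not-query-localhost"]
    if not localhost or localhost[-1] != "no":
        for net in ("127.0.0.0/8", "::1/128"):
            blocks.append((ipaddress.ip_network(net), "do-not-query-localhost: yes"))
    findings = []
    for k, v in pairs:
        if k != "forward-addr":
            continue
        addr = ipaddress.ip_address(v.split("@", 1)[0])
        for net, rule in blocks:
            if addr.version == net.version and addr in net:
                findings.append((v, rule))
    return findings


if __name__ == "__main__":
    for entry, rule in blocked_forwarders(QUESTION_CONF):
        print(f"forward-addr {entry} is blocked by {rule}")
```

An empty result means neither directive covers any configured forwarder; each reported pair names the line that has to change before unbound will send queries to that address.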