[dnsdist] DNScrypt with DNSDist

Sayan Bhattacharyya sohamb03 at outlook.com
Mon Dec 28 16:12:08 UTC 2020

Sorry for the late reply, I had examinations ongoing.

So I have a certificate and a private key from LE. I've generated the public key for that certificate. Quoting the guide @ https://www.dnsdist.org/guides/dnscrypt.html - "To generate the provider and resolver certificates and keys, you can simply do: ...", so I issued the two commands, and I expected to find a resolver.cert and a resolver.key, in the /etc/dnsdist directory, or /ssl subdirectory. Those two files in turn will be used for the DNScrypt bind if I understand correctly. However, there are no such files, and I can confirm that DNSDist has write permissions in that directory.

From: dnsdist <dnsdist-bounces at mailman.powerdns.com> on behalf of Jacob Bunk Nielsen via dnsdist <dnsdist at mailman.powerdns.com>
Sent: Tuesday, December 15, 2020 11:10 AM
To: dnsdist at mailman.powerdns.com <dnsdist at mailman.powerdns.com>
Subject: Re: [dnsdist] DNScrypt with DNSDist


I read the list, so no need to write me in person.

On 15/12/2020 06.27, Sayan Bhattacharyya wrote:
> [root at t2 ~]#  dnsdist -e
> 'generateDNSCryptProviderKeys("/etc/dnsdist/ssl/pub.key",
> "/etc/dnsdist/ssl/t2.xolentum.net.key")' --verbose
> Read configuration from '/etc/dnsdist/dnsdist.conf'
> Adding server to default pool
> Connecting to
> Provider fingerprint is:
> 6BEA:CDAB:114C:E2E5:DA96:743F:A6FB:4941:CEF6:B434:9C8B:CA5F:FE44:A9B3:7F23:70C0
> And tried searching the entire /, no resolver.key or similar file found.

So you generated a key and put it in a file called t2.xolentum.net.key
and then expect to find a file called resolver.key? How should that work?

What ended up in /etc/dnsdist/ssl/ ?

Best regards,


dnsdist mailing list
dnsdist at mailman.powerdns.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20201228/cbbed9c7/attachment.htm>

More information about the dnsdist mailing list