DNSCRYPT-Proxy causes slowdown on one service only

Posted by daemonbak, 20th July 2015

Testing my new firewall running pf on OpenBSD I have noticed something quite odd.

All of my machines get a constant 60Mbps downstream. Except for the xbox. I had originally thought that maybe one of my pf rules was causing the issue.

I have since narrowed it down to the dnscrypt proxy.

If I keep this rule in place:
Code:
### Block Rogue DNS requests from LAN clients on port 53 then log and Redirect to use DNSCrypt and Unbound
block return out quick log on egress proto { tcp udp } from any to any port 53
pass in on em1 inet proto { tcp udp } from any to ! 192.168.10.1 port 53 rdr-to 192.168.10.1

My down speed goes from 66Mbps to ~9Mbps. If I comment out the first rule (block) above and then allow the xbox to use the old ns1.pbi.net dns, it gets its speed back. Re-enable the block rule and it slows to a crawl.

I have looked everywhere on Google trying to see if I can find a reference to this and no go. I have tried specifying multiple dnscrypt servers on the list, turning dnssec off and no change.

How would one go about resolving this, as it seems to be the dnscrypt that is causing the issues?

Could I just change the rules as follows (change in bold):
Code:
### Block Rogue DNS requests from LAN clients on port 53 then log and Redirect to use DNSCrypt and Unbound
block return out quick log on egress proto { tcp udp } from ! $xbox to any port 53
pass in on em1 inet proto { tcp udp } from any to ! 192.168.10.1 port 53 rdr-to 192.168.10.1

And if I were to do that change, would all other devices on the network still follow the original rule, since I changed it from "any to any" to "! $xbox to any"?

Open to any ideas to fix the speed issue with dnscrypt.

Thanks
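
One way to write the per-host exception asked about above, as an added example that is not part of the original post. It tags the console's queries on the LAN side, because the redirect rule as posted matches every LAN source and the egress rule may only see the translated source address. The `$xbox` address, the `XBOX_DNS` tag name and the NAT rule are assumptions.

```pf
# Added example, not from the original post.
# Assumptions: the console's address, the tag name XBOX_DNS, and NAT being
# done with a "match out ... nat-to" rule. em1 and 192.168.10.1 are from
# the post.
xbox = "192.168.10.50"          # constructed value: the console's fixed LAN IP

# Assumed NAT rule. After a match rule with nat-to, later rules see the
# translated source address, so "from ! $xbox" on egress would not
# identify the console. Tagging on the LAN side avoids that dependency.
match out on egress inet from em1:network to any nat-to (egress)

# Default for LAN clients (as posted): any port-53 query not already
# addressed to the firewall is redirected to the local resolver.
pass in on em1 inet proto { tcp udp } from any to ! 192.168.10.1 port 53 \
    rdr-to 192.168.10.1

# Exception: without "quick" the last matching rule wins, so this rule
# replaces the redirect for the console only and tags its queries.
pass in on em1 inet proto { tcp udp } from $xbox to ! 192.168.10.1 port 53 \
    tag XBOX_DNS

# Egress: block and log every plain DNS query except the tagged ones.
# All other LAN devices still fall under the original policy.
block return out quick log on egress proto { tcp udp } from any to any \
    port 53 ! tagged XBOX_DNS

# Let the tagged queries out, and keep logging them so the exempted
# host's unencrypted DNS stays visible in pflog.
pass out log on egress inet proto { tcp udp } to any port 53 tagged XBOX_DNS
```

The ruleset can be checked for syntax with `pfctl -nf /etc/pf.conf` before loading it.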