<div dir="auto"><a href="https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users">https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users</a></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 16, 2022, 12:24 AM DANIEL NANGHAKA via Unbound-users <<a href="mailto:unbound-users@lists.nlnetlabs.nl">unbound-users@lists.nlnetlabs.nl</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">How do I get off this mailing list?<div dir="auto"><br></div><div dir="auto">Am happy to be removed from it. </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, May 14, 2022, 06:36 BangDroid via Unbound-users <<a href="mailto:unbound-users@lists.nlnetlabs.nl" target="_blank" rel="noreferrer">unbound-users@lists.nlnetlabs.nl</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Kind of pulling my hair out with this one.. The domain <a href="http://twitterdatadash.com/" rel="noreferrer noreferrer" target="_blank">twitterdatadash.com</a> will not resolve with unbound recursively. I get SERVFAIL.<br><br>root.hints is up to date, local time on raspi is accurate. 
No other domains are failing.<br><br>Both dig <a href="http://sigfail.verteiltesysteme.net/" rel="noreferrer noreferrer" target="_blank">sigfail.verteiltesysteme.net</a> @<a href="http://127.0.0.1/" rel="noreferrer noreferrer" target="_blank">127.0.0.1</a> -p 5335 and dig <a href="http://sigok.verteiltesysteme.net/" rel="noreferrer noreferrer" target="_blank">sigok.verteiltesysteme.net</a> @<a href="http://127.0.0.1/" rel="noreferrer noreferrer" target="_blank">127.0.0.1</a> -p 5335 are as expected.<br><br>Switching to an upstream DNS in Pi-hole will get the domain to successfully resolve, as well as using a standard DNS forward-zone in unbound.conf.d/pi-hole.conf:<br><br> forward-zone:<br> name: "."<br> forward-addr: 8.8.8.8<br><br>However, if I use a DoT forward zone (because suspected possible? DNS hijacking by ISP):<br><br> tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt<br> forward-zone:<br> name: "."<br> forward-addr: 1.1.1.1@853#<a href="http://cloudflare-dns.com/" rel="noreferrer noreferrer" target="_blank">cloudflare-dns.com</a><br> forward-addr: 1.0.0.1@853#<a href="http://cloudflare-dns.com/" rel="noreferrer noreferrer" target="_blank">cloudflare-dns.com</a><br> forward-ssl-upstream: yes<br><br>Everything works exactly as expected, including <a href="https://1.1.1.1/help" rel="noreferrer noreferrer" target="_blank">https://1.1.1.1/help</a> **except** <a href="http://twitterdatadash.com/" rel="noreferrer noreferrer" target="_blank">twitterdatadash.com</a> remains SERVFAIL.<br><br>Paste of dig outputs with various unbound configurations: <a href="https://pastebin.com/k1LtjzHB" rel="noreferrer noreferrer" target="_blank">https://pastebin.com/k1LtjzHB</a><br><br>pi-hole.conf: <a href="https://pastebin.com/szLmcNFj" rel="noreferrer noreferrer" target="_blank">https://pastebin.com/szLmcNFj</a><br><br>unbound logs grepped with "twitterdatadash":<br><br>'default' pihole.conf: <a href="https://pastebin.com/JmgUDSRv" rel="noreferrer noreferrer" 
target="_blank">https://pastebin.com/JmgUDSRv</a><br><br>with DoT: <a href="https://pastebin.com/k3UgdZD4" rel="noreferrer noreferrer" target="_blank">https://pastebin.com/k3UgdZD4</a><br><br>Accessing that domain is not crucial by any means, I am only concerned it may be indicative of a bigger issue. It seems like there must be an issue with my configuration somewhere, but every test I run appears to indicate no issue. Is it possible the issue is not my end? Anyone have any ideas?</div>
</blockquote></div>
</blockquote></div>