Cannot resolve .co.uk domains with VPN, local DNS using Unbound

Leen Besselink leen at consolejunkie.net
Thu May 26 10:46:18 UTC 2016 

On Thu, May 26, 2016 at 10:38:44AM +0000, Rob via Unbound-users wrote:
> Hello,
> 

Hi,

Based on the DNSSEC-root key you have in your config, I assume this will enable DNSSEC-validation.

Maybe all traffic is routed over the VPN so the other DNS-servers aren't reachable anymore ? AND the airvpn DNS-server is blocking/dropping/does not understand the DNSSEC-information.

Have you tested it while it's turned off ?

https://www.unbound.net/documentation/howto_turnoff_dnssec.html

> 
> I'm using unbound as a local DNS server on my laptop (Arch Linux). Occasionally the laptop is unable to resolve .co.uk TLDs while connected to a VPN (AirVPN using OpenVPN). When this happens the AirVPN website says their servers can still connect to .co.uk addresses, so I wonder if unbound could be causing the problem. I can't reproducibly cause the issue, which seems to happen randomly and doesn't affect any other TLDs. If I disconnect from the VPN, .co.uk addresses are resolved again.
> 
> 
> Any help would be much appreciated, even if just to confirm that unbound isn't the problem.
> 
> 
> Unbound listens on 127.0.0.1 and points all DNS queries to the AirVPN nameserver at 10.4.0.1. Queries for servers at my university get sent to the DNS at 131.227.13{0,1}.5.
> 
> 
> unbound.conf is:
> 
> -------
> 
>     include: "/etc/unbound/resolvunbound"
> 
>     server:
>          verbosity: 1
>          use-syslog: yes
>          username: "unbound"
>          directory: "/etc/unbound"
> 
>          interface: 127.0.0.1
>          trust-anchor-file: trusted-key.key
>          root-hints: "/etc/unbound/root.hints"
> 
>          local-zone: "10.in-addr.arpa." nodefault
>          local-zone: "168.192.in-addr.arpa." nodefault
> 
>     forward-zone:
>          name: "surrey.ac.uk."
>          forward-addr: 131.227.131.5     #internal dns
>          forward-addr: 131.227.130.5
>          forward-addr: 10.4.0.1                #airvpn dns
> 
>     forward-zone:
>          name: "lib.surrey.ac.uk."
>          forward-addr: 131.227.131.5
>          forward-addr: 131.227.130.5
> 
>     forward-zone:
>          name: "227.131.in-addr.arpa."
>          forward-addr: 131.227.131.5
>          forward-addr: 131.227.130.5
> -------
> 
> and openresolv is configured with resolvconf.conf:
> -------
>     name_servers=127.0.0.1
>     resolv_conf=/etc/resolv.conf
>     unbound_conf="/etc/unbound/resolvunbound"
>     private_interfaces="svpn"
> -------
> 
> Thanks in advance,
> Rob
>

More information about the Unbound-users mailing list