Can't resolve many hosts

Luis P. Mendes luislupe at gmx.com
Sat Oct 26 15:48:50 UTC 2019 

Hi,

I've been following some tutorials and have come to the unbound.conf
configuration that is shown below.

Many sites can't be accessed, for example:

# dig https://nlnetlabs.nl

; <<>> DiG 9.10.5-P1 <<>> https://nlnetlabs.nl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48218
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;https://nlnetlabs.nl.          IN      A

;; AUTHORITY SECTION:
nl.                     600     IN      SOA     ns1.dns.nl. hostmaster.domain-registry.nl. 2019102634 3600 600 2419200 600

;; Query time: 281 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 26 16:48:00 WEST 2019
;; MSG SIZE  rcvd: 120



The forward-addr are all of type:
        forward-addr: 208.67.220.220 at 53#resolver2.opendns.com.
I've read that this ways it enable DNSSEC validity.

Should I use one line without the '@53#resolver2.opendns.com.' part?



Luis


====  unbound.conf
server:
        include: "/usr/pkg/etc/unbound/ads.conf"
        verbosity: 1
        interface: 0.0.0.0
        access-control: 0.0.0.0/0 allow
        username: "_unbound"
        logfile: "/log/unbound.log"
        use-syslog: no
        log-time-ascii: yes
        log-queries: yes
        log-replies: yes
        root-hints: "/usr/pkg/etc/unbound/root.hints"
        hide-identity: yes
        hide-version: yes
        use-caps-for-id: yes
        private-domain: "home"
        private-domain: "lan"
        auto-trust-anchor-file: "/usr/pkg/etc/unbound/root.key"
        domain-insecure: "home"
        domain-insecure: "lan"
        unblock-lan-zones: yes
        insecure-lan-zones: yes
        local-zone: "home.lan." static
        local-data: "leao.home.lan.  IN A 192.168.1.30"
        local-data: "netpi.home.lan.  IN A 192.168.1.253"
        local-data-ptr: "192.168.1.30  leao.home.lan"
        local-data-ptr: "192.168.1.253  netpi.home.lan"
python:
remote-control:
        control-enable: yes
forward-zone:
        name: "."
        forward-addr: 208.67.222.220 at 53#resolver3.opendns.com.
        forward-addr: 91.239.100.100 at 53#anycast.censurfridns.dk.
        forward-addr: 208.67.222.222 at 53#resolver1.opendns.com.
        forward-addr: 208.67.220.220 at 53#resolver2.opendns.com.




--


Luis Mendes

More information about the Unbound-users mailing list