Trying to find out why my unbound will not resolve www.startpuntgeldzaken.nl
gerben.wierda at rna.nl
Wed May 5 22:01:43 UTC 2021
> On 5 May 2021, at 23:41, Joe Abley <jabley at hopcount.ca> wrote:
> On 5 May 2021, at 16:23, Gerben Wierda via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
>> What I see is this (reliably)
>> When asking 126.96.36.199 or 188.8.131.52 directly, the name is resolved.
>> But when unbound forwards to 184.108.40.206 or 220.127.116.11, it fails.
>> In other words: I can realiable ask 18.104.22.168 for www.startpuntgeldzaken.nl but I cannot get unbound to get that same info via a forward.
> My instinct is that this has nothing to do with the domain name in question, nothing to do with what is happening at 22.214.171.124 or 126.96.36.199 and nothing to do with where that domain name is hosted.
> I think if you look at the packets on the wire you will find either (a) the source address of upstream queries sent from your unbound instance is not reachable across the Internet, e.g. you're missing a NAT or you have multiple interfaces on the host running unbound, and the outbound interface is filtered or otherwise not as functional as you expect, or (b) you have firewall rules or other device permission constraints on the host running unbound that are different from what happens when you run dig.
Is this a possible scenario when for 99.9% of queries there is no problem at all? Basically, when I query for about everything else it just works.
> If I'm wrong I'll buy you a beer the next time we are all allowed to meet in person. :-)
I’ll buy you one (or two, three) if I find out what is happening here and we meet. Seriously, I would not even be able to receive your mail when my DNS was so horribly broken.
I ran this:
bash-3.2# unbound-control -c unbound-noforwarders.conf verbosity 4; dig @192.168.2.66 -p 1053 www.startpuntgeldzaken.nl; unbound-control -c unbound-noforwarders.conf verbosity 2
and it gives me a lot of debugging from my unbound instance that is doing no forwarding at all (I have a special nonforwarding instance listening at port 1053 especially for rspamd). I can share that with someone who understands it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Unbound-users