Only one domain failing to resolve, unbound pi-hole

BangDroid bangdroid.bangas at
Sat May 14 03:36:26 UTC 2022

Kind of pulling my hair out with this one. The domain will
not resolve with unbound recursively. I get SERVFAIL.

root.hints is up to date, local time on raspi is accurate. No other domains
are failing.

Both dig @ -p 5335 and dig @ -p 5335 are as expected.

Switching to an upstream DNS in Pi-hole will get the domain to successfully
resolve, as well as using a standard DNS forward-zone in

    name: "."

However, if I use a DoT forward zone (because suspected possible? DNS
hijacking by ISP):

    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
        name: "."
        forward-addr: at
        forward-addr: at
        forward-ssl-upstream: yes

Everything works exactly as expected, including
 **except** remains SERVFAIL.

Paste of dig outputs with various unbound configurations:


unbound logs grepped with "twitterdatadash":

'default' pihole.conf :

with DoT:

Accessing that domain is not crucial by any means, I am only concerned it
may be indicative of a bigger issue. It seems like there must be an issue
with my configuration somewhere, but every test I run appears to indicate no
issue. Is it possible the issue is not my end? Anyone have any ideas?
