Only one domain failing to resolve, unbound pi-hole

BangDroid bangdroid.bangas at gmail.com
Sat May 14 03:36:26 UTC 2022


Kind of pulling my hair out with this one. The domain twitterdatadash.com will
not resolve with unbound recursively. I get SERVFAIL.

root.hints is up to date, local time on raspi is accurate. No other domains
are failing.

Both dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 and dig
sigok.verteiltesysteme.net @127.0.0.1 -p 5335 are as expected.

Switching to an upstream DNS in Pi-hole will get the domain to successfully
resolve, as well as using a standard DNS forward-zone in
unbound.conf.d/pi-hole.conf:

    forward-zone:
        name: "."
        forward-addr: 8.8.8.8

However, if I use a DoT forward zone (because of suspected, possible, DNS
hijacking by the ISP):

    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
    forward-zone:
        name: "."
        forward-addr: 1.1.1.1@853#cloudflare-dns.com
        forward-addr: 1.0.0.1@853#cloudflare-dns.com
        forward-ssl-upstream: yes

Everything works exactly as expected, including https://1.1.1.1/help,
**except** twitterdatadash.com remains SERVFAIL.

Paste of dig outputs with various unbound configurations:
https://pastebin.com/k1LtjzHB

pi-hole.conf: https://pastebin.com/szLmcNFj

unbound logs grepped for "twitterdatadash":

'default' pihole.conf: https://pastebin.com/JmgUDSRv

with DoT: https://pastebin.com/k3UgdZD4

Accessing that domain is not crucial by any means, I am only concerned it
may be indicative of a bigger issue. It seems like there must be an issue
with my configuration somewhere, but every test I run appears to indicate no
issue. Is it possible the issue is not on my end? Anyone have any ideas?
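A small diagnostic added here as an example; it is not part of the original post and not unbound's own tooling. For a validating resolver such as unbound, SERVFAIL is also the answer it gives when the data for a name fails DNSSEC validation, so the first thing worth separating is "the resolver could not get an answer" from "the resolver got an answer and rejected it as bogus". Querying the same name twice, once normally and once with `+cd` (checking disabled, which tells the resolver to skip validation), tells the two cases apart. The script assumes the local unbound listens on 127.0.0.1:5335 as in the post, and that `dig` is installed; the sample dig header line inside it is constructed, not copied from the pastebins.

```shell
#!/bin/sh
# Added example: separate a DNSSEC validation failure from a plain
# resolution failure by comparing a normal query with a +cd query.

# Pull the RCODE out of dig's header line, e.g.
#   ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12345
# Reads dig output on stdin, prints the status (SERVFAIL, NOERROR, ...).
dig_status() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p'
}

# Given the status of the normal query and of the +cd query, say what the
# resolver's SERVFAIL most likely means.
classify_servfail() {
    normal_status="$1"
    cd_status="$2"
    if [ "$normal_status" = "SERVFAIL" ] && [ "$cd_status" = "NOERROR" ]; then
        # Data arrives but the validator rejects it: the zone's DNSSEC chain
        # (or something rewriting answers on the path) is the problem, not
        # reachability. Raising unbound's verbosity shows the validation
        # failure reason in its log.
        echo "bogus"
    elif [ "$normal_status" = "SERVFAIL" ] && [ "$cd_status" = "SERVFAIL" ]; then
        # Still failing with validation off: the resolver cannot complete
        # the lookup at all (unreachable or broken authoritatives, blocked
        # outbound DNS, fragmentation/EDNS issues, ...).
        echo "unreachable"
    elif [ "$normal_status" = "NOERROR" ]; then
        echo "ok"
    else
        echo "other:${normal_status}/${cd_status}"
    fi
}

# Live check against a resolver (defaults match the post's unbound setup).
check_name() {
    name="$1"
    server="${2:-127.0.0.1}"
    port="${3:-5335}"
    command -v dig >/dev/null 2>&1 || { echo "dig not found" >&2; return 2; }
    normal=$(dig "$name" @"$server" -p "$port" | dig_status)
    withcd=$(dig "$name" @"$server" -p "$port" +cd | dig_status)
    echo "$name normal=$normal cd=$withcd -> $(classify_servfail "$normal" "$withcd")"
}

# Usage (hypothetical name; run against the local unbound):
#   check_name twitterdatadash.com
#   check_name sigfail.verteiltesysteme.net   # expected: bogus
#   check_name sigok.verteiltesysteme.net     # expected: ok
```

If the name comes back "bogus", the resolver is doing its job and the defect is in the zone's signatures or delegation (or in something altering responses between the resolver and the authoritative servers); switching Pi-hole to a non-validating upstream only hides that verdict. If it comes back "unreachable", validation is not the issue and the next step is a `dig +trace` from the same host to see where the delegation chain stops answering.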