Only one domain failing to resolve, unbound pi-hole
georg at syscid.com
Sat May 14 07:27:17 UTC 2022
Maybe you have DNSSEC validation enabled?
$ delv twitterdatadash.com
; unsigned answer
twitterdatadash.com. 7200 IN A 184.108.40.206
On 5/14/22 05:36, BangDroid via Unbound-users wrote:
> Kind of pulling my hair out with this one.. The domain
> twitterdatadash.com will not resolve with
> unbound recursively. I get SERVFAIL.
> root.hints is up to date, local time on raspi is accurate. No other
> domains are failing.
> Both dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335
> and dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335
> are as expected.
> Switching to an upstream DNS in Pi-hole will get the domain to
> successfully resolve, as well as using a standard DNS forward-zone in
> name: "."
> forward-addr: 220.127.116.11
> However, if I use a DoT forward zone (because suspected possible? DNS
> hijacking by ISP):
> tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
> name: "."
> forward-addr: 18.104.22.168@853#cloudflare-dns.com
> forward-addr: 22.214.171.124@853#cloudflare-dns.com
> forward-ssl-upstream: yes
> Everything works exactly as expected, including https://126.96.36.199/help
> **except** twitterdatadash.com remains SERVFAIL.
> Paste of dig outputs with various unbound configurations:
> https://pastebin.com/k1LtjzHB
> pi-hole.conf: https://pastebin.com/szLmcNFj
> unbound logs grepped with "twitterdatadash" :
> 'default' pihole.conf : https://pastebin.com/JmgUDSRv
> with DoT: https://pastebin.com/k3UgdZD4
> Accessing that domain is not crucial by any means, I am only concerned
> it may be indicative of a bigger issue. It seems like there must be an
> issue with my configuration somewhere, but every test I run appears to
> indicate no issue. Is it possible the issue is not my end? Anyone have
> any ideas?
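
Added example, not part of the original thread: the DNSSEC question raised in the reply can be checked by comparing a normal dig against the same query sent with +cd (checking disabled), which asks the resolver to skip validation. The function names and the sample dig headers below are constructed for illustration.

```sh
#!/bin/sh
# Inputs are the text output of two dig runs against the same validating resolver:
#   normal:  dig NAME @127.0.0.1 -p 5335
#   +cd:     dig +cd NAME @127.0.0.1 -p 5335   (CD bit: resolver skips validation)

# Print the rcode from dig's ";; ->>HEADER<<-" line.
rcode() {
    printf '%s\n' "$1" | sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p'
}

# Succeed if the ";; flags:" line carries the ad (authenticated data) flag.
has_ad() {
    printf '%s\n' "$1" | grep -Eq '^;; flags:[^;]* ad[ ;]'
}

# classify NORMAL_OUTPUT CD_OUTPUT -> one-word verdict on stdout
classify() {
    normal=$(rcode "$1")
    nocheck=$(rcode "$2")
    if [ "$normal" = "NOERROR" ]; then
        if has_ad "$1"; then echo "ok-validated"; else echo "ok-insecure"; fi
    elif [ "$normal" = "SERVFAIL" ] && [ "$nocheck" = "NOERROR" ]; then
        echo "dnssec-validation-failure"   # data exists, validator rejected it
    elif [ "$normal" = "SERVFAIL" ]; then
        echo "not-validation"              # fails even with validation skipped
    else
        echo "other:$normal"
    fi
}

# Constructed dig header samples (not taken from the thread's pastebins).
SERVFAIL_OUT=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1001
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
CD_OK_OUT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
CD_FAIL_OUT=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1003
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SIGNED_OK_OUT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1004
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

echo "sigfail-like:   $(classify "$SERVFAIL_OUT" "$CD_OK_OUT")"
echo "both SERVFAIL:  $(classify "$SERVFAIL_OUT" "$CD_FAIL_OUT")"
echo "signed, valid:  $(classify "$SIGNED_OK_OUT" "$CD_OK_OUT")"
```

A "not-validation" verdict means the resolver could not obtain an answer at all, so the cause lies in reaching or parsing the authoritative servers rather than in DNSSEC.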