Only one domain failing to resolve (resolved)
BangDroid
bangdroid.bangas at gmail.com
Mon May 23 11:04:08 UTC 2022
Thanks for the reply George.
This issue has resolved by itself (pun intended) without me having changed
anything on my end. It was an upstream issue.
Some interesting information I'll share for posterity:
Cloudflare would also not resolve the domain in question
(twitterdatadash.com), even on my cellular device, which is on a completely
separate network from the unbound instance (although it would resolve using
my provider's default DNS).
I sent Cloudflare a DM on Twitter about the issue including /cdn-cgi/trace
information and the message appeared to have been read.
A few days later I checked the resolution of the domain using Cloudflare
DNS and it succeeded.
I then reconfigured my unbound instance to work recursively and the domain
correctly resolves.
My root.hints file remained unchanged since 12th May.
Thanks All,
BangDroid
On Mon, 16 May 2022 at 15:04, <unbound-users-request at lists.nlnetlabs.nl>
wrote:
> Message: 1
> Date: Mon, 16 May 2022 01:25:51 +0300
> From: George Thessalonikefs <george at nlnetlabs.nl>
> To: unbound-users at lists.nlnetlabs.nl
> Subject: Re: Only one domain failing to resolve, unbound pi-hole
> Message-ID: <1c8baa2e-875e-da98-587e-2af00c17ca99 at nlnetlabs.nl>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Hi,
>
> You can use the option 'log-servfail: yes' in the configuration file.
> That would make Unbound log the reason a query is SERVFAIL'ing.
>
> From the output you shared it seems that Unbound itself is getting an
> error answer from the server (e.g., SERVFAIL/NXDOMAIN/REFUSED) but I
> can't say for sure since the grepped output hides the interesting lines.
>
> Best regards,
> -- George
>
> On 14/05/2022 05:36, BangDroid via Unbound-users wrote:
> > Kind of pulling my hair out with this one.. The domain
> > twitterdatadash.com will not resolve with unbound recursively.
> > I get SERVFAIL.
> >
> > root.hints is up to date, local time on raspi is accurate. No other
> > domains are failing.
> >
> > Both dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 and
> > dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335 are as expected.
> >
> > Switching to an upstream DNS in Pi-hole will get the domain to
> > successfully resolve, as well as using a standard DNS forward-zone in
> > unbound.conf.d/pi-hole.conf:
> >
> >     forward-zone:
> >         name: "."
> >         forward-addr: 8.8.8.8
> >
> > However, if I use a DoT forward zone (because suspected possible DNS
> > hijacking by ISP):
> >
> >     tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
> >     forward-zone:
> >         name: "."
> >         forward-addr: 1.1.1.1@853#cloudflare-dns.com
> >         forward-addr: 1.0.0.1@853#cloudflare-dns.com
> >         forward-ssl-upstream: yes
> >
> > Everything works exactly as expected, including https://1.1.1.1/help
> > **except** twitterdatadash.com remains SERVFAIL.
> >
> > Paste of dig outputs with various unbound configurations:
> > https://pastebin.com/k1LtjzHB
> >
> > pi-hole.conf: https://pastebin.com/szLmcNFj
> >
> > unbound logs grepped with "twitterdatadash":
> >
> > 'default' pihole.conf: https://pastebin.com/JmgUDSRv
> >
> > with DoT: https://pastebin.com/k3UgdZD4
> >
> > Accessing that domain is not crucial by any means, I am only concerned
> > it may be indicative of a bigger issue. It seems like there must be an
> > issue with my configuration somewhere, but every test I run appears to
> > indicate no issue. Is it possible the issue is not my end? Anyone have
> > any ideas?
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 16 May 2022 08:23:29 +0300
> From: DANIEL NANGHAKA <dndannang at gmail.com>
> To: BangDroid <bangdroid.bangas at gmail.com>
> Cc: unbound-users at lists.nlnetlabs.nl
> Subject: Re: Unsubscribe me from this list
> Message-ID: <CAD4W+iO=TXMr-XRtLypbwRwE0Mkp-wFOWHAp-3EPd3PGRdwB2A at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> How do I get off this mailing list?
>
> Am happy to be removed from it.
>
> ------------------------------
>
> Message: 3
> Date: Mon, 16 May 2022 00:30:41 -0500
> From: Donald Pearson <donaldwhpearson at gmail.com>
> To: DANIEL NANGHAKA <dndannang at gmail.com>
> Cc: BangDroid <bangdroid.bangas at gmail.com>,
> unbound-users at lists.nlnetlabs.nl
> Subject: Re: Unsubscribe me from this list
> Message-ID: <CAC=t97DAtaY5x5cKNDZTkoaJ008+SX1PCqd_Bk7SbaX-v4zxkQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users
>
> ------------------------------
>
> Message: 4
> Date: Mon, 16 May 2022 05:33:22 +0000 (UTC)
> From: Ron Varburg <ronvarburg at yahoo.com>
> To: DANIEL NANGHAKA <dndannang at gmail.com>
> Cc: unbound-users at lists.nlnetlabs.nl
> Subject: Re: Unsubscribe me from this list
> Message-ID: <539673813.2057345.1652679202125 at mail.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
>
> You can go to https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users.
> At the bottom of the page you can read:
> To unsubscribe from Unbound-users, get a password reminder, or change
> your subscription options enter your subscription email address: __________
> and click the unsubscribe button.
>
> On Monday, May 16, 2022, 08:24:12 AM GMT+3, DANIEL NANGHAKA via
> Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
>
> > How do I get off this mailing list?
> > Am happy to be removed from it.
>
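
The cross-resolver comparison this thread walks through by hand (local recursive Unbound on 127.0.0.1 port 5335 versus upstream resolvers, plus the sigfail/sigok DNSSEC check), as an added shell example that is not part of the original messages or of the Unbound project. The function names, verdict labels and sample dig header are constructed for illustration, and `triage` queries 8.8.8.8 and 1.1.1.1 over plain DNS rather than DoT.

```shell
#!/bin/sh
# Added example (not from the thread): compare how several resolvers answer
# for one name, to tell a local Unbound problem from an upstream one.
# Function names and verdict labels are illustrative.

# Constructed sample of the dig header line that rcode_of parses.
SAMPLE_HEADER=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242'

# rcode_of: read dig output on stdin, print the response status
# (NOERROR, SERVFAIL, ...). Prints nothing if no header arrived (timeout).
rcode_of() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# validation_sane SIGFAIL_RC SIGOK_RC: the DNSSEC sanity check from the
# thread. A validating resolver must SERVFAIL sigfail and answer sigok.
validation_sane() {
    [ "$1" = SERVFAIL ] && [ "$2" = NOERROR ]
}

# verdict LOCAL_RC UPSTREAM_RC...: classify the comparison.
verdict() {
    local_rc=$1; shift
    ok=0; bad=0
    for rc in "$@"; do
        if [ "$rc" = NOERROR ]; then ok=$((ok + 1)); else bad=$((bad + 1)); fi
    done
    if [ "$local_rc" = NOERROR ]; then echo "resolves-locally"
    elif [ "$ok" -eq 0 ]; then echo "fails-everywhere"       # likely the zone itself
    elif [ "$bad" -gt 0 ]; then echo "upstreams-disagree"    # not only your config
    else echo "local-only-failure"                           # inspect Unbound logs
    fi
}

# ask NAME SERVER [PORT]: one query, status only; TIMEOUT if no answer.
ask() {
    rc=$(dig "$1" @"$2" -p "${3:-53}" +tries=1 +time=3 2>/dev/null | rcode_of)
    echo "${rc:-TIMEOUT}"
}

# triage NAME: live run against local Unbound (port 5335, as in the thread)
# and two public resolvers. Needs network access; not run automatically.
triage() {
    l=$(ask "$1" 127.0.0.1 5335); g=$(ask "$1" 8.8.8.8); c=$(ask "$1" 1.1.1.1)
    echo "local=$l 8.8.8.8=$g 1.1.1.1=$c"
    verdict "$l" "$g" "$c"
}
```

When the local instance is the one returning SERVFAIL, `log-servfail: yes` in the Unbound configuration, as suggested in the thread, records the reason for the failure.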