Hi, A few days ago I had some trouble resolving my website schweinfurtdating.de from home. Chrome running on OpenBSD-current from March 18th would report NXDOMAIN. I had to reload a few times to get the webpage, it was a weird experience. Since I run a very unique dns setup with TSIG'ed BIND nameservers at first I thought it was anywhere between application layer and those servers inbetween.
However when I checked schweinfurtdating.de today the image refused to load and I found that very weird. I happen to run a log of the lookups and found this: Apr 7 15:30:09 yellow delphinusdnsd[9644]: request on descriptor 16 interface " 2001:19f0:6c01:1fad::1" from 2003:cb:3fff:4c23:b7c7:eef2:da93:5f15 (ttl=56, regi on=8) for "2019.schweinfurtdating.de." type=AAAA(28) class=1, edns0, dnssecok, a nswering "2019.schweinfurtdating.de." (54/54) Apr 7 15:30:09 yellow delphinusdnsd[85741]: request on descriptor 3 interface " 2001:19f0:6c01:1fad::1" from 2003:cb:3fff:4c23:b7c7:eef2:da93:5f15 (ttl=TCP, reg ion=8) for "2019.schweinfurtdating.de." type=AAAA(28) class=1, edns0, dnssecok, answering "2019.schweinfurtdating.de." (54/56) Apr 7 15:30:09 yellow delphinusdnsd[9644]: request on descriptor 16 interface $ 2001:19f0:6c01:1fad::1" from 2003:cb:3fff:4c23:b7c7:eef2:da93:5f15 (ttl=56, reg$ on=8) for "de.centroid.eu." type=A(1) class=1, edns0, dnssecok, answering "NXDO$ AIN" So there is a lookup right after 2019.schweinfurtdating.de from the same IP6 that isn't even in my forwarders and my server replied with NXDOMAIN. I hunted through my html text to see where it got de.centroid.eu from and it doesn't exist. So I'm wondering if unwind is somehow generating the lookup for de.centroid.eu falsely and somehow influencing chrome? Perhaps treating a lookup as an NXDOMAIN'ed answer? My /etc/unwind.conf file looks like this: beta$ more /etc/unwind.conf forwarder 192.168.177.3 And somehow unwind is not preferring the forwarder for some reason. Is this a misconfig on my end? I want it to always use 192.168.177.3, as otherwise the DNS travels through DTAG (telekom.de), and I don't want that. The log does state though it came from DTAG. Many questions in one, I'm trying to figure out what went wrong that day and this lookup today. Regards, -peter
