Maybe you have DNSSEC validation enabled?

$ delv twitterdatadash.com
; unsigned answer
twitterdatadash.com.    7200    IN      A       34.96.91.68


On 5/14/22 05:36, BangDroid via Unbound-users wrote:
Kind of pulling my hair out with this one.. The domain twitterdatadash.com will not resolve with unbound recursively. I get SERVFAIL.

root.hints is up to date, local time on raspi is accurate. No other domains are failing.

Both dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 and dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335 are as expected.

Switching to an upstream DNS in Pi-hole will get the domain to successfully resolve, as well as using a standard DNS forward-zone in unbound.conf.d/pi-hole.conf:

     forward-zone:
         name: "."
         forward-addr: 8.8.8.8

However, if I use a DoT forward zone (because suspected possible? DNS hijacking by ISP):

     tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
     forward-zone:
         name: "."
         forward-addr: 1.1.1.1@853#cloudflare-dns.com
         forward-addr: 1.0.0.1@853#cloudflare-dns.com
         forward-ssl-upstream: yes

Everything works exactly as expected, including https://1.1.1.1/help **except** twitterdatadash.com remains SERVFAIL.

Paste of dig outputs with various unbound configurations: https://pastebin.com/k1LtjzHB

pi-hole.conf: https://pastebin.com/szLmcNFj

unbound logs grepped with "twitterdatadash":

'default' pihole.conf: https://pastebin.com/JmgUDSRv

with DoT: https://pastebin.com/k3UgdZD4

Accessing that domain is not crucial by any means, I am only concerned it may be indicative of a bigger issue. It seems like there must be an issue with my configuration somewhere, but every test I run appears to indicate no issue. Is it possible the issue is not my end? Anyone have any ideas?
