How do I get off this mailing list? Am happy to be removed from it.
On Sat, May 14, 2022, 06:36 BangDroid via Unbound-users < [email protected]> wrote: > Kind of pulling my hair out with this one.. The domain twitterdatadash.com > will > not resolve with unbound recursively. I get SERVFAIL. > > root.hints is up to date, local time on raspi is accurate. No other > domains are failing. > > Both dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 and dig > sigok.verteiltesysteme.net @127.0.0.1 -p 5335 are as expected. > > Switching to an upstream DNS in Pi-hole will get the domain to > successfully resolve, as well as using a standard DNS forward-zone in > unbound.conf.d/pi-hole.conf: > > forward-zone: > name: "." > forward-addr: 8.8.8.8 > > However, if I use a DoT forward zone (because suspected possible? DNS > hijacking by ISP): > > tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt > forward-zone: > name: "." > forward-addr: 1.1.1.1@853#cloudflare-dns.com > forward-addr: 1.0.0.1@853#cloudflare-dns.com > forward-ssl-upstream: yes > > Everything works exactly as expected, including https://1.1.1.1/help > **except** twitterdatadash.com remains SERVFAIL. > > Paste of dig outputs with various unbound configurations: > https://pastebin.com/k1LtjzHB > > pi-hole.conf: https://pastebin.com/szLmcNFj > > unbound logs greped with "twitterdatadash" : > > 'default' pihole.conf : https://pastebin.com/JmgUDSRv > > with DoT: https://pastebin.com/k3UgdZD4 > > Accessing that domain is not crucial by any means, I am only concerned it > may be indicative of a bigger issue. It seems like there must be an issue > with my configuration somewhere, but every test I run appear to indicate no > issue. Is it possible the issue is not my end? Anyone have any ideas? >
