https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users
On Mon, May 16, 2022, 12:24 AM DANIEL NANGHAKA via Unbound-users < [email protected]> wrote: > How do I get off this mailing list? > > Am happy to be removed from it. > > On Sat, May 14, 2022, 06:36 BangDroid via Unbound-users < > [email protected]> wrote: > >> Kind of pulling my hair out with this one.. The domain >> twitterdatadash.com will not resolve with unbound recursively. I get >> SERVFAIL. >> >> root.hints is up to date, local time on raspi is accurate. No other >> domains are failing. >> >> Both dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 and dig >> sigok.verteiltesysteme.net @127.0.0.1 -p 5335 are as expected. >> >> Switching to an upstream DNS in Pi-hole will get the domain to >> successfully resolve, as well as using a standard DNS forward-zone in >> unbound.conf.d/pi-hole.conf: >> >> forward-zone: >> name: "." >> forward-addr: 8.8.8.8 >> >> However, if I use a DoT forward zone (because suspected possible? DNS >> hijacking by ISP): >> >> tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt >> forward-zone: >> name: "." >> forward-addr: 1.1.1.1@853#cloudflare-dns.com >> forward-addr: 1.0.0.1@853#cloudflare-dns.com >> forward-ssl-upstream: yes >> >> Everything works exactly as expected, including https://1.1.1.1/help >> **except** twitterdatadash.com remains SERVFAIL. >> >> Paste of dig outputs with various unbound configurations: >> https://pastebin.com/k1LtjzHB >> >> pi-hole.conf: https://pastebin.com/szLmcNFj >> >> unbound logs greped with "twitterdatadash" : >> >> 'default' pihole.conf : https://pastebin.com/JmgUDSRv >> >> with DoT: https://pastebin.com/k3UgdZD4 >> >> Accessing that domain is not crucial by any means, I am only concerned it >> may be indicative of a bigger issue. It seems like there must be an issue >> with my configuration somewhere, but every test I run appear to indicate no >> issue. Is it possible the issue is not my end? Anyone have any ideas? >> >
