Thanks for the reply, George. This issue has resolved by itself (pun intended) without me having changed anything on my end. It was an upstream issue.

Some interesting information I'll share for posterity: Cloudflare would also not resolve the domain in question (twitterdatadash.com). Even on my cellular device, which is on a completely separate network from the unbound instance (although it would resolve using my provider's default DNS). I sent Cloudflare a DM on Twitter about the issue including /cdn-cgi/trace information and the message appeared to have been read. A few days later I checked the resolution of the domain using Cloudflare DNS and it succeeded. I then reconfigured my unbound instance to work recursively and the domain correctly resolves.

My root.hints file remained unchanged since 12th May.

Thanks All,
BangDroid

On Mon, 16 May 2022 at 15:04, <[email protected]> wrote:

> Today's Topics:
>
>    1. Re: Only one domain failing to resolve, unbound pi-hole
>       (George Thessalonikefs)
>    2. Re: Unsubscribe me from this list (DANIEL NANGHAKA)
>    3. Re: Unsubscribe me from this list (Donald Pearson)
>    4. Re: Unsubscribe me from this list (Ron Varburg)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 16 May 2022 01:25:51 +0300
> From: George Thessalonikefs <[email protected]>
> To: [email protected]
> Subject: Re: Only one domain failing to resolve, unbound pi-hole
>
> Hi,
>
> You can use the option 'log-servfail: yes' in the configuration file.
> That would make Unbound log the reason a query is SERVFAIL'ing.
>
> From the output you shared it seems that Unbound itself is getting an
> error answer from the server (e.g., SERVFAIL/NXDOMAIN/REFUSED) but I
> can't say for sure since the grepped output hides the interesting lines.
>
> Best regards,
> -- George
>
> On 14/05/2022 05:36, BangDroid via Unbound-users wrote:
> > Kind of pulling my hair out with this one.. The domain
> > twitterdatadash.com will not resolve with unbound recursively.
> > I get SERVFAIL.
> >
> > root.hints is up to date, local time on raspi is accurate. No other
> > domains are failing.
> >
> > Both dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 and dig
> > sigok.verteiltesysteme.net @127.0.0.1 -p 5335 are as expected.
> >
> > Switching to an upstream DNS in Pi-hole will get the domain to
> > successfully resolve, as well as using a standard DNS forward-zone in
> > unbound.conf.d/pi-hole.conf:
> >
> >     forward-zone:
> >         name: "."
> >         forward-addr: 8.8.8.8
> >
> > However, if I use a DoT forward zone (because suspected possible? DNS
> > hijacking by ISP):
> >
> >     tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
> >     forward-zone:
> >         name: "."
> >         forward-addr: 1.1.1.1@853#cloudflare-dns.com
> >         forward-addr: 1.0.0.1@853#cloudflare-dns.com
> >         forward-ssl-upstream: yes
> >
> > Everything works exactly as expected, including https://1.1.1.1/help
> > **except** twitterdatadash.com remains SERVFAIL.
> >
> > Paste of dig outputs with various unbound configurations:
> > https://pastebin.com/k1LtjzHB
> >
> > pi-hole.conf: https://pastebin.com/szLmcNFj
> >
> > unbound logs grepped with "twitterdatadash":
> >
> > 'default' pihole.conf: https://pastebin.com/JmgUDSRv
> >
> > with DoT: https://pastebin.com/k3UgdZD4
> >
> > Accessing that domain is not crucial by any means, I am only concerned
> > it may be indicative of a bigger issue. It seems like there must be an
> > issue with my configuration somewhere, but every test I run appears to
> > indicate no issue. Is it possible the issue is not my end? Anyone have
> > any ideas?
>
> ------------------------------
>
> Message: 2
> Date: Mon, 16 May 2022 08:23:29 +0300
> From: DANIEL NANGHAKA <[email protected]>
> To: BangDroid <[email protected]>
> Cc: [email protected]
> Subject: Re: Unsubscribe me from this list
>
> How do I get off this mailing list?
>
> Am happy to be removed from it.
>
> ------------------------------
>
> Message: 3
> Date: Mon, 16 May 2022 00:30:41 -0500
> From: Donald Pearson <[email protected]>
> To: DANIEL NANGHAKA <[email protected]>
> Cc: BangDroid <[email protected]>, [email protected]
> Subject: Re: Unsubscribe me from this list
>
> https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users
>
> ------------------------------
>
> Message: 4
> Date: Mon, 16 May 2022 05:33:22 +0000 (UTC)
> From: Ron Varburg <[email protected]>
> To: DANIEL NANGHAKA <[email protected]>
> Cc: [email protected]
> Subject: Re: Unsubscribe me from this list
>
> You can go to https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users.
> At the bottom of the page you can read:
> To unsubscribe from Unbound-users, get a password reminder, or change
> your subscription options enter your subscription email address: __________
> and click the unsubscribe button.
>
> ------------------------------
>
> End of Unbound-users Digest, Vol 29, Issue 11
> *********************************************
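
Added example, not part of the thread and not Unbound's own tooling: a small triage script for the situation discussed above. It compares the local Unbound on 127.0.0.1 port 5335 with the public resolvers 8.8.8.8 and 1.1.1.1 named in the thread, with and without dig's +cd flag; the function names and verdict labels are invented for this example.

```shell
#!/bin/sh
# Added example, not from the thread: triage a SERVFAIL by comparing resolvers.
# Addresses and port are the ones the thread mentions; function names and
# verdict labels are invented for this example.

# rcode_of NAME SERVER PORT [dig flags...] -> prints the rcode, or TIMEOUT
rcode_of() (
    name=$1; server=$2; port=$3; shift 3
    status=$(dig +noall +comments +time=3 +tries=1 "$@" "$name" "@$server" -p "$port" 2>/dev/null |
        sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    echo "${status:-TIMEOUT}"
)

# classify LOCAL LOCAL_CD REF... -> prints one verdict.
# Anything other than NOERROR is counted as a failure.
classify() (
    local_rc=$1; local_cd=$2; shift 2
    ok=0; bad=0
    for rc in "$@"; do
        if [ "$rc" = NOERROR ]; then ok=$((ok + 1)); else bad=$((bad + 1)); fi
    done
    if [ "$local_rc" = NOERROR ]; then
        echo resolves            # nothing to triage
    elif [ "$local_cd" = NOERROR ]; then
        echo dnssec-validation   # an answer exists, the local validator rejects it
    elif [ "$bad" -eq 0 ]; then
        echo local               # every reference resolver answers, only this host fails
    elif [ "$ok" -eq 0 ]; then
        echo upstream            # no resolver gets an answer
    else
        echo upstream-partial    # an independent resolver fails as well
    fi
)

# Usage: sh triage.sh twitterdatadash.com
if [ $# -gt 0 ]; then
    l=$(rcode_of "$1" 127.0.0.1 5335)
    lcd=$(rcode_of "$1" 127.0.0.1 5335 +cd)
    g=$(rcode_of "$1" 8.8.8.8 53)
    c=$(rcode_of "$1" 1.1.1.1 53)
    echo "local=$l local+cd=$lcd 8.8.8.8=$g 1.1.1.1=$c => $(classify "$l" "$lcd" "$g" "$c")"
fi
```

With the results reported in the thread (recursive Unbound failing, 8.8.8.8 answering, Cloudflare failing) the verdict is upstream-partial, provided the +cd query fails as well.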
