The issue I am facing:
I cannot open one domain of the Czech National Railway Company, cd.cz.
Details about my system:
A Debian 12 Bookworm x64 VM running Pi-hole with Unbound as recursive DNS, one main DNS VIP address for two Pi-holes via keepalived, with the same Pi-hole running on a physical RPi2 as a backup failover, synced via Gravity Sync (when one is offline, the other one will work). OPNsense as router with Unbound OFF on OPNsense (Pi-hole and Unbound run only on the Pi-hole VM / RPi2 in this setup).
All of this is working like it should; the same issue is on the physical RPi Pi-hole and on the VM one...
uname -a
Linux pihole 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux
Pi-hole is showing me:
OK (answered by localhost#5335)
BOGUS (refused upstream) SERVFAIL (0.5ms)
I tried to access that site with DNSSEC on and off, same result...
dig cd.cz
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> cd.cz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cd.cz. IN A

;; Query time: 31 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Thu Mar 14 16:44:03 CET 2024
;; MSG SIZE rcvd: 34
timedatectl status
Local time: Thu 2024-03-14 17:01:09 CET
Universal time: Thu 2024-03-14 16:01:09 UTC
RTC time: Thu 2024-03-14 16:01:09
Time zone: Europe/Prague (CET, +0100)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Running on a Protectli VP2420.
OPNsense in a VM; 2 NICs are PCIe passthrough to the OPNsense VM (it is the DHCP server).
Pi-hole in a VM.
Hypervisor: Proxmox.
Pi-hole VM:
neofetch
root@pihole
-----------
OS: Debian GNU/Linux 12 (bookworm) x86_64
Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-8.1)
Kernel: 6.1.0-18-amd64
Uptime: 18 mins
Packages: 1474 (dpkg)
Shell: bash 5.2.15
Resolution: 1280x800
Terminal: /dev/pts/0
CPU: Intel Celeron J6412 (4) @ 1.996GHz
GPU: 00:02.0 Vendor 1234 Device 1111
Memory: 288MiB / 1966MiB
Edge browser is showing me:
DNS_PROBE_FINISHED_NXDOMAIN
Opera browser is showing me:
ERR_NAME_NOT_RESOLVED
In Firefox it works via the third-party nextdns.io provider, but via the internal Pi-hole it is not resolving:
Hmm. We’re having trouble finding that site.
We can’t connect to the server at cd.cz.
If you entered the right address, you can:
Try again later
Check your network connection
Check that Firefox has permission to access the web (you might be connected but behind a firewall)
In the cd.cz Android mobile app it is not working.
On mobile data it is working.
When I tail pihole.log and refresh that site with F5, I get the same result:
Mar 14 17:13:29: query[A] cd.cz from 192.168.1.1
Mar 14 17:13:29: forwarded cd.cz to 127.0.0.1#5335
Mar 14 17:13:29: validation cd.cz is BOGUS
Mar 14 17:13:29: reply error is SERVFAIL
Mar 14 17:13:29: query[HTTPS] cd.cz from 192.168.1.1
Mar 14 17:13:29: forwarded cd.cz to 127.0.0.1#5335
Mar 14 17:13:29: validation cd.cz is BOGUS
Mar 14 17:13:29: reply error is SERVFAIL
Mar 14 17:13:29: query[A] cd.cz from 192.168.1.1
Mar 14 17:13:29: forwarded cd.cz to 127.0.0.1#5335
Mar 14 17:13:29: validation cd.cz is BOGUS
Mar 14 17:13:29: reply error is SERVFAIL
Mar 14 17:13:29: query[HTTPS] cd.cz from 192.168.1.1
Mar 14 17:13:29: forwarded cd.cz to 127.0.0.1#5335
Mar 14 17:13:29: validation cd.cz is BOGUS
Mar 14 17:13:29: reply error is SERVFAIL
I am adding the debug log token:
https://tricorder.pi-hole.net/hLsmJnwK/
My Pi-hole VM is rebooting every hour at the 45th minute just to be sure DNS resolving is working (after a reboot it always works).
The first one is the Pi-hole VM (the main one), restarting every hour at the 45th minute.
The second one is the Pi-hole on the RPi2 (backup failover), resolving everything after the 45th minute of every hour while the main VM Pi-hole is restarted and comes back up; everything works great...
What I have changed since installing Pi-hole:
Nothing; it never worked...
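As an added example (not part of the original post or of Pi-hole), here is a small Python parser for pihole.log lines in the format shown above: it groups each query's DNSSEC validation result with the error reply it produced, so a domain that consistently validates BOGUS and is answered SERVFAIL stands out from one-off errors. The log text, the 192.168.1.50 client and the example.org lines are constructed sample data, and attributing a "reply error" line to the preceding query/validation line assumes the lines of one query are adjacent in the log.

```python
import re
from collections import Counter

# Constructed sample in the shape of the pihole.log tail in the post; the example.org
# lines and the 192.168.1.50 client are made up for contrast.
SAMPLE_LOG = """\
Mar 14 17:13:29: query[A] cd.cz from 192.168.1.1
Mar 14 17:13:29: forwarded cd.cz to 127.0.0.1#5335
Mar 14 17:13:29: validation cd.cz is BOGUS
Mar 14 17:13:29: reply error is SERVFAIL
Mar 14 17:13:29: query[HTTPS] cd.cz from 192.168.1.1
Mar 14 17:13:29: forwarded cd.cz to 127.0.0.1#5335
Mar 14 17:13:29: validation cd.cz is BOGUS
Mar 14 17:13:29: reply error is SERVFAIL
Mar 14 17:13:30: query[A] example.org from 192.168.1.50
Mar 14 17:13:30: forwarded example.org to 127.0.0.1#5335
Mar 14 17:13:30: validation example.org is SECURE
Mar 14 17:13:30: reply example.org is 192.0.2.10
"""

# Timestamp prefix; the on-disk log file also carries "dnsmasq[pid]" before the colon.
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]+(?: dnsmasq\[\d+\])?: (?P<msg>.*)$")
QUERY_RE = re.compile(r"^query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$")
VALIDATION_RE = re.compile(r"^validation (?P<name>\S+) is (?P<status>[A-Z]+)$")
ERROR_RE = re.compile(r"^reply error is (?P<rcode>[A-Z]+)$")

def _new_entry():
    return {"queries": 0, "validation": Counter(), "errors": Counter()}

def summarize(log_text):
    """Per-domain counts of queries, DNSSEC validation outcomes and error replies."""
    stats = {}
    last_name = None  # "reply error" lines name no domain: attribute them to the
    for line in log_text.splitlines():  # preceding query/validation line (assumed adjacent)
        m = LINE_RE.match(line)
        msg = m["msg"] if m else ""
        if q := QUERY_RE.match(msg):
            last_name = q["name"]
            stats.setdefault(last_name, _new_entry())["queries"] += 1
        elif v := VALIDATION_RE.match(msg):
            last_name = v["name"]
            stats.setdefault(last_name, _new_entry())["validation"][v["status"]] += 1
        elif (e := ERROR_RE.match(msg)) and last_name is not None:
            stats.setdefault(last_name, _new_entry())["errors"][e["rcode"]] += 1
    return stats

def failing_domains(stats):
    """Domains where every query was validated BOGUS and answered SERVFAIL."""
    return sorted(n for n, s in stats.items() if s["queries"] > 0
                  and s["validation"]["BOGUS"] == s["errors"]["SERVFAIL"] == s["queries"])
```

Run it over the real file with `summarize(open("/var/log/pihole/pihole.log").read())`; a domain listed by `failing_domains` is one the resolver itself rejects, which is worth checking against an independent validating resolver before assuming the site is down.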