I don't see any servers that could create a loop or a partial one.
Yes.
Check the "Improve detection algorithm ..." paragraph below for which server(s) Pi-hole will prefer:
But before you remove the others, make sure Unbound is functioning properly by running the ones below:
```
$ dig +noall +comments +answer @127.0.0.1 -p 5335 bogus.nlnetlabs.nl
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5007
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
```

```
$ dig +noall +comments +answer +ad @127.0.0.1 -p 5335 cloudflare.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59669
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; ANSWER SECTION:
cloudflare.com. 300 IN A 104.16.132.229
cloudflare.com. 300 IN A 104.16.133.229
```
The first command should return a SERVFAIL status and no IP address ANSWER.
The second should return a NOERROR status plus an IP address in the ANSWER section in addition to an ad flag.
P.S. Those `dig`s are from the pull request below to adjust the ones in the official Pi-hole guide:
master ← HeliusMagnum:master, opened 05:31AM - 12 Jun 25 UTC
**What does this PR aim to accomplish?:**
Fix the issue with `fail01.dnssec.works` returning `NOERROR`
**How does this PR accomplish the above?:**
Changes the test domain for a bogus DNSSEC validation to bogus.nlnetlabs.nl which returns `SERVERFAIL`
Changes the test domain for a successful DNSSEC validation to `cloudflare.com` to avoid any future misconfiguration with the `dnssec.works` domains, specifying the `+ad` flag.
resolves #1251
---
**By submitting this pull request, I confirm the following:**
1. I have read and understood the [contributors guide](https://docs.pi-hole.net/guides/github/contributing/), as well as this entire template. I understand which branch to base my commits and Pull Requests against.
2. I have commented my proposed changes within the code and I have tested my changes.
3. I am willing to help maintain this change if there are issues with it later.
4. It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1)
5. I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html))
6. I have checked that another pull request for this purpose does not exist.
7. I have considered, and confirmed that this submission will be valuable to others.
8. I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
9. I give this submission freely, and claim no ownership to its content.
---
- [x] I have read the above and my PR is ready for review. *Check this box to confirm*
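
The two checks from the post turned into a pass/fail script, as an added example that is not part of the original post or of the Pi-hole pull request. The function names (`dig_status`, `dig_has_ad`, `check_dnssec`, `sample_*`) are hypothetical; the `live` mode assumes `dig` is installed and Unbound listens on 127.0.0.1 port 5335 as in the post.

```shell
#!/bin/sh
# Added example: grade dig transcripts for the two Unbound DNSSEC checks.

# Print the rcode from the ->>HEADER<<- line, e.g. SERVFAIL or NOERROR.
dig_status() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed only if the header flags line carries "ad". The "; EDNS: ... flags:;"
# line starts with a single ';' and is deliberately not matched.
dig_has_ad() {
    flags=$(grep '^;; flags:' | head -n 1 | sed 's/^;; flags:\([^;]*\);.*/\1/')
    case " $flags " in *" ad "*) return 0 ;; *) return 1 ;; esac
}

# Grade one transcript read from stdin. $1 = bogus | secure.
check_dnssec() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    answers=$(printf '%s\n' "$out" |
        grep -Ec '[[:space:]]IN[[:space:]]+(A|AAAA)[[:space:]]' || true)
    case "$1" in
        bogus)  [ "$status" = SERVFAIL ] && [ "$answers" -eq 0 ] ;;
        secure) [ "$status" = NOERROR ] && [ "$answers" -gt 0 ] &&
                    printf '%s\n' "$out" | dig_has_ad ;;
        *)      return 2 ;;
    esac
}

# Transcripts copied from the post, trimmed to the lines the checks read.
sample_bogus() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5007
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1232
EOF
}
sample_secure() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59669
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
cloudflare.com. 300 IN A 104.16.132.229
EOF
}

# "live" queries the local Unbound with the post's commands; default is offline.
if [ "${1:-}" = live ]; then
    dig +noall +comments +answer @127.0.0.1 -p 5335 bogus.nlnetlabs.nl | check_dnssec bogus &&
    dig +noall +comments +answer +ad @127.0.0.1 -p 5335 cloudflare.com | check_dnssec secure
else
    sample_bogus | check_dnssec bogus && sample_secure | check_dnssec secure
fi && echo "DNSSEC validation: OK" || echo "DNSSEC validation: NOT working"
```

A resolver that answers the bogus name with NOERROR, or answers `cloudflare.com` without the `ad` flag, fails the corresponding check, which is the signal that validation is not in effect.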