This is returning NXDOMAIN when I expect it to load. When I reboot my Raspberry Pi, the sites start working again and return a CNAME for a reply, but it only lasts about 48 hours before it starts happening again. I've even wiped clean my SD Card and done a fresh install of everything and I get the same results.
NXDOMAIN is a valid resolution result - it means that the authoritative DNS server for a given domain has replied that such a domain doesn't exist at the time of the DNS query.
If the query succeeds at a later time, that would indicate that DNS records have later been (re)added by the respective maintainers.
That doesn't really make sense in this context. There is an error in retrieving the result somehow. I'm not sure if it has to do with unbound or pihole, but the response changes depending on how recently I rebooted my pihole and nothing else. It works immediately after rebooting, and fails after 48 hours. The maintainers are not involved in this process.
How so?
Does unbound's log file show an error that it then somehow transforms to NXDOMAIN?
By default, unbound would work as a recursive resolver, querying authoritative DNS servers for a given domain, which would always involve DNS records as created by the respective maintainers.
Does your unbound configuration change that to behave as a forwarding resolver perhaps?
Could you share your unbound configuration?
I believe I copied this right from the pihole docs.
pi@tidalpi:~ $ cat /etc/unbound/unbound.conf.d/pi-hole.conf
server:
# If no logfile is specified, syslog is used
# logfile: "/var/log/unbound/unbound.log"
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes
# May be set to yes if you have IPv6 connectivity
do-ip6: no
# You want to leave this to no unless you have *native* IPv6. With 6to4 and
# Teredo tunnels your web browser should favor IPv4 for the same reasons
prefer-ip6: no
# Use this only when you downloaded the list of primary root servers!
# If you use the default dns-root-data package, unbound will find it automatically
#root-hints: "/var/lib/unbound/root.hints"
# Trust glue only if it is within the server's authority
harden-glue: yes
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
harden-dnssec-stripped: yes
# Don't use Capitalization randomization as it is known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
use-caps-for-id: no
# Reduce EDNS reassembly buffer size.
# IP fragmentation is unreliable on the Internet today, and can cause
# transmission failures when large DNS messages are sent via UDP. Even
# when fragmentation does work, it may not be secure; it is theoretically
# possible to spoof parts of a fragmented DNS message, without easy
# detection at the receiving end. Recently, there was an excellent study
# >>> Defragmenting DNS - Determining the optimal maximum UDP response size for DNS <<<
# by Axel Koolhaas, and Tjeerd Slokker (https://indico.dns-oarc.net/event/36/contributions/776/)
# in collaboration with NLnet Labs explored DNS using real world data from
# the RIPE Atlas probes and the researchers suggested different values for
# IPv4 and IPv6 and in different scenarios. They advise that servers should
# be configured to limit DNS messages sent over UDP to a size that will not
# trigger fragmentation on typical network links. DNS servers can switch
# from UDP to TCP when a DNS response is too big to fit in this limited
# buffer size. This value has also been suggested in DNS Flag Day 2020.
edns-buffer-size: 1232
# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
prefetch: yes
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
num-threads: 1
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
so-rcvbuf: 1m
# Ensure privacy of local IP ranges
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
As far as if the solution is fixed if I use a public resolver, I will have to wait a day or two to let my setup "fail" in order to compare. But I suspect using a public resolver would not produce the same result and "fix" the issue.
You are currently not logging anything (verbosity: 0).
If you want to investigate how unbound retrieves that NXDOMAIN reply, you'd have to consider raising verbosity, and perhaps enable an unbound specific log file (see unbound - Pi-hole documentation).
Your grep confirmed that there is no additional configuration, so you are running your unbound with Pi-hole's suggested configuration, i.e. as a recursive resolver retrieving resolution results directly from authoritative DNS servers.
Note that results may differ from those retrieved by a public DNS resolver, depending on authoritative DNS server configuration, e.g. authoritative DNS servers may be configured to attempt providing IP addresses in their replies that are topologically close to the DNS request's source IP address. For a local unbound, that would be your address, whereas for a public resolver, that would be the public resolver's IP as used in the DNS request.
I'd like to re-emphasise that NXDOMAIN is a valid resolution result, indicating that an authoritative DNS server has confirmed that the requested domain does not exist.
It does not indicate a blocked or refused reply or a resolution error (which would be returned as SERVFAIL, potentially along with an EDE reason code).
As for the log file:
You should heed the advice from the linked guide and not leave it on for daily usage, as unbound's logs grow large fast.
You should consider raising verbosity when you observe unexpected NXDOMAIN results, then issue a dig for your offending domain and inspect the log for details.
I am fairly confident that you'll see that NXDOMAIN is indeed the result provided by the authoritative DNS server - based on your unbound configuration, there is no reason to assume otherwise.
After raising verbosity to 2 and reloading the reddit page which is failing to load thumbnails, this is the log page:
pi@tidalpi:~ $ cat /var/log/unbound/unbound.log
Jan 12 10:36:10 unbound[73994:0] notice: init module 0: subnetcache
Jan 12 10:36:10 unbound[73994:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
Jan 12 10:36:10 unbound[73994:0] notice: init module 1: validator
Jan 12 10:36:10 unbound[73994:0] notice: init module 2: iterator
Jan 12 10:36:10 unbound[73994:0] info: start of service (unbound 1.17.1).
Jan 12 10:36:19 unbound[73994:0] info: resolving cdn-icloud-content.g.aaplimg.com. A IN
Jan 12 10:36:19 unbound[73994:0] info: priming . IN NS
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 199.7.91.13#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 192.36.148.17#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 198.41.0.4#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 192.33.4.12#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 192.112.36.4#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 198.97.190.53#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 199.9.14.201#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 202.12.27.33#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 193.0.14.129#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 192.58.128.30#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 192.203.230.10#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 199.7.83.42#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 192.5.5.241#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 192.33.4.12#53
Jan 12 10:36:19 unbound[73994:0] info: query response was ANSWER
Jan 12 10:36:19 unbound[73994:0] info: priming successful for . NS IN
Jan 12 10:36:19 unbound[73994:0] info: response for cdn-icloud-content.g.aaplimg.com. A IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 170.247.170.2#53
Jan 12 10:36:19 unbound[73994:0] info: query response REC_LAME: recursive but not authoritative server
Jan 12 10:36:19 unbound[73994:0] info: mark as REC_LAME
Jan 12 10:36:19 unbound[73994:0] info: response for cdn-icloud-content.g.aaplimg.com. A IN
Jan 12 10:36:19 unbound[73994:0] info: reply from <.> 192.203.230.10#53
Jan 12 10:36:19 unbound[73994:0] info: query response was ANSWER
Jan 12 10:36:28 unbound[73994:0] info: resolving dualstack.reddit.map.fastly.net. A IN
Jan 12 10:36:28 unbound[73994:0] info: response for dualstack.reddit.map.fastly.net. A IN
Jan 12 10:36:28 unbound[73994:0] info: reply from <.> 193.0.14.129#53
Jan 12 10:36:28 unbound[73994:0] info: query response was nodata ANSWER
Jan 12 10:36:28 unbound[73994:0] info: response for dualstack.reddit.map.fastly.net. A IN
Jan 12 10:36:28 unbound[73994:0] info: reply from <.> 192.112.36.4#53
Jan 12 10:36:28 unbound[73994:0] info: query response was ANSWER
Jan 12 10:36:28 unbound[73994:0] info: response for dualstack.reddit.map.fastly.net. A IN
Jan 12 10:36:28 unbound[73994:0] info: reply from <.> 199.7.83.42#53
Jan 12 10:36:28 unbound[73994:0] info: query response was ANSWER
Jan 12 10:36:28 unbound[73994:0] info: response for dualstack.reddit.map.fastly.net. A IN
Jan 12 10:36:28 unbound[73994:0] info: reply from <.> 198.41.0.4#53
Jan 12 10:36:28 unbound[73994:0] info: query response was ANSWER
Jan 12 10:36:28 unbound[73994:0] info: response for dualstack.reddit.map.fastly.net. A IN
Jan 12 10:36:28 unbound[73994:0] info: reply from <.> 198.97.190.53#53
Jan 12 10:36:28 unbound[73994:0] info: query response was ANSWER
I don't see the a.thumbs.redditmedia.com or b.thumbs.redditmedia.com in the logs which are the domains in question that are not having the expected results.
I am fairly confident that you'll see that NXDOMAIN is indeed the result provided by the authoritative DNS server - based on your unbound configuration, there is no reason to assume otherwise.
But how come this is only true after my pihole has been running for a few days? Those domains resolve fine after I reboot, or when I choose a different upstream DNS server, or when I am not using pihole, or on my home pihole setup (as opposed to this one, which is my office setup, which also uses unbound). If you try to resolve a.thumbs.redditmedia.com or b.thumbs.redditmedia.com do you get an NXDOMAIN result? If not, then how could that be the true result of the authoritative DNS server?
Then chances are that replies for those domains are still cached by either Pi-hole or the requesting client itself. As both of those domains are CNAMEs referring to dualstack.reddit.map.fastly.net., it could be just those CNAMEs that are cached, and the log still seems related and representative for the actual A record lookup (with a shorter TTL than the CNAME) your observation.
However, something else from your log is disturbing:
That would indicate that the contacted server is not sending authoritative replies.
But you are talking to the root servers here - they definitely are authoritative.
This would suggest that something upstream of unbound may be intercepting DNS traffic, so the answers you are seeing would not be originating from the root servers.
Do you run a firewall in your network, or would you route outbound public traffic through a VPN service provider?
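A way to automate the check this reply makes by eye, as an added example that is not part of the original thread: it joins unbound's "response for" / "reply from" / "query response" lines (the verbosity 2 format shown above) and flags replies from root server addresses that unbound classified as REC_LAME. The second rule, a root address returning a final ANSWER or CNAME for a name below a TLD where a root would only refer, goes beyond what the thread states; the sample log lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# IPv4 addresses of a-m.root-servers.net. b-root is listed with its former
# and current address because both show up in the thread's log.
ROOT_SERVERS = {
    "198.41.0.4", "199.9.14.201", "170.247.170.2", "192.33.4.12",
    "199.7.91.13", "192.203.230.10", "192.5.5.241", "192.112.36.4",
    "198.97.190.53", "192.36.148.17", "192.58.128.30", "193.0.14.129",
    "199.7.83.42", "202.12.27.33",
}

# The three verbosity-2 lines unbound writes for each upstream reply.
RESPONSE_FOR = re.compile(r"info: response for (\S+) (\S+) IN\s*$")
REPLY_FROM = re.compile(r"info: reply from <(\S*)> ([0-9A-Fa-f.:]+)#\d+\s*$")
QUERY_RESPONSE = re.compile(r"info: query response (?:was )?(.+?)\s*$")

# Constructed sample in the thread's log format: root addresses behave like a
# recursive resolver (REC_LAME) and hand out a final answer for a host name.
SUSPECT_LOG = """\
Jan 01 00:00:01 unbound[1:0] info: priming . IN NS
Jan 01 00:00:01 unbound[1:0] info: response for . NS IN
Jan 01 00:00:01 unbound[1:0] info: reply from <.> 198.41.0.4#53
Jan 01 00:00:01 unbound[1:0] info: query response REC_LAME: recursive but not authoritative server
Jan 01 00:00:01 unbound[1:0] info: mark as REC_LAME
Jan 01 00:00:01 unbound[1:0] info: response for . NS IN
Jan 01 00:00:01 unbound[1:0] info: reply from <.> 192.33.4.12#53
Jan 01 00:00:01 unbound[1:0] info: query response was ANSWER
Jan 01 00:00:01 unbound[1:0] info: priming successful for . NS IN
Jan 01 00:00:02 unbound[1:0] info: resolving www.example.org. A IN
Jan 01 00:00:02 unbound[1:0] info: response for www.example.org. A IN
Jan 01 00:00:02 unbound[1:0] info: reply from <.> 193.0.14.129#53
Jan 01 00:00:02 unbound[1:0] info: query response was nodata ANSWER
Jan 01 00:00:02 unbound[1:0] info: response for www.example.org. A IN
Jan 01 00:00:02 unbound[1:0] info: reply from <.> 192.112.36.4#53
Jan 01 00:00:02 unbound[1:0] info: query response was ANSWER
""".splitlines()

# Constructed control: the root refers, and a delegated server (documentation
# address, not a real name server) gives the answer.
CLEAN_LOG = """\
Jan 01 00:00:02 unbound[1:0] info: response for www.example.org. A IN
Jan 01 00:00:02 unbound[1:0] info: reply from <.> 198.41.0.4#53
Jan 01 00:00:02 unbound[1:0] info: query response was REFERRAL
Jan 01 00:00:02 unbound[1:0] info: response for www.example.org. A IN
Jan 01 00:00:02 unbound[1:0] info: reply from <org.> 192.0.2.53#53
Jan 01 00:00:02 unbound[1:0] info: query response was REFERRAL
Jan 01 00:00:02 unbound[1:0] info: response for www.example.org. A IN
Jan 01 00:00:02 unbound[1:0] info: reply from <example.org.> 192.0.2.54#53
Jan 01 00:00:02 unbound[1:0] info: query response was ANSWER
""".splitlines()


def parse_replies(lines):
    """Yield one record per upstream reply by joining the three log lines."""
    qname = qtype = zone = server = None
    for line in lines:
        m = RESPONSE_FOR.search(line)
        if m:
            qname, qtype = m.groups()
            zone = server = None
            continue
        m = REPLY_FROM.search(line)
        if m:
            zone, server = m.groups()
            continue
        m = QUERY_RESPONSE.search(line)
        if m and server is not None:  # skip orphans from a truncated log
            kind = m.group(1).split(":")[0]  # "REC_LAME: ..." -> "REC_LAME"
            yield {"qname": qname, "qtype": qtype, "zone": zone,
                   "server": server, "kind": kind}
            server = None


def is_below_tld(qname):
    """True for names with two or more labels, except root-servers.net."""
    name = qname.rstrip(".").lower()
    return name.count(".") >= 1 and not name.endswith("root-servers.net")


def find_interception_signs(replies):
    """Return (rule, reply) pairs for replies a real root would not send."""
    findings = []
    for r in replies:
        if r["server"] not in ROOT_SERVERS:
            continue
        if r["kind"] == "REC_LAME":
            # The thread's observation: a root flagged as recursive.
            findings.append(("root-marked-lame", r))
        elif r["kind"] in ("ANSWER", "CNAME") and is_below_tld(r["qname"]):
            # Added heuristic (assumption): roots refer, they do not answer.
            findings.append(("root-gave-final-answer", r))
    return findings


def summarize(lines):
    replies = list(parse_replies(lines))
    findings = find_interception_signs(replies)
    return {
        "replies": len(replies),
        "by_rule": dict(Counter(rule for rule, _ in findings)),
        "lame_roots": sorted({r["server"] for rule, r in findings
                              if rule == "root-marked-lame"}),
        "suspect": bool(findings),
    }


if __name__ == "__main__":
    print("suspect sample:", summarize(SUSPECT_LOG))
    print("clean sample:  ", summarize(CLEAN_LOG))
```

To run it against a real log, pass the lines of /var/log/unbound/unbound.log to summarize() after temporarily raising verbosity to 2.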
Hi, so I was away from my home network at the time I tested so I was running the tests at the time through a VPN and also there is a firewall on the network, so both were true at the time.
I reran the tests now that I'm back on the home network, so no longer using a VPN but yes there is an active firewall. Here are the new results:
pi@tidalpi:~ $ cat /var/log/unbound/unbound.log
Jan 13 08:54:26 unbound[83681:0] notice: init module 0: subnetcache
Jan 13 08:54:26 unbound[83681:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
Jan 13 08:54:26 unbound[83681:0] notice: init module 1: validator
Jan 13 08:54:26 unbound[83681:0] notice: init module 2: iterator
Jan 13 08:54:26 unbound[83681:0] info: start of service (unbound 1.17.1).
Jan 13 08:54:40 unbound[83681:0] info: resolving st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:40 unbound[83681:0] info: priming . IN NS
Jan 13 08:54:40 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:40 unbound[83681:0] info: reply from <.> 199.9.14.201#53
Jan 13 08:54:40 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:40 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:40 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:40 unbound[83681:0] info: reply from <.> 192.36.148.17#53
Jan 13 08:54:40 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:40 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:40 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:40 unbound[83681:0] info: reply from <.> 192.58.128.30#53
Jan 13 08:54:40 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:40 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:40 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:40 unbound[83681:0] info: reply from <.> 199.7.83.42#53
Jan 13 08:54:40 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:40 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:40 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:40 unbound[83681:0] info: reply from <.> 192.5.5.241#53
Jan 13 08:54:40 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:40 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:40 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:40 unbound[83681:0] info: reply from <.> 193.0.14.129#53
Jan 13 08:54:40 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:40 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:40 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:40 unbound[83681:0] info: reply from <.> 192.112.36.4#53
Jan 13 08:54:40 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:40 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:40 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:40 unbound[83681:0] info: reply from <.> 198.97.190.53#53
Jan 13 08:54:40 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:40 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:40 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:40 unbound[83681:0] info: reply from <.> 192.33.4.12#53
Jan 13 08:54:40 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:40 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:40 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:40 unbound[83681:0] info: reply from <.> 199.7.91.13#53
Jan 13 08:54:40 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:40 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:40 unbound[83681:0] info: resolving st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:40 unbound[83681:0] info: priming . IN NS
Jan 13 08:54:41 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 202.12.27.33#53
Jan 13 08:54:41 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:41 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:41 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 198.41.0.4#53
Jan 13 08:54:41 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:41 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:41 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.203.230.10#53
Jan 13 08:54:41 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:41 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:41 unbound[83681:0] info: response for . NS IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 199.9.14.201#53
Jan 13 08:54:41 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:41 unbound[83681:0] info: priming successful for . NS IN
Jan 13 08:54:41 unbound[83681:0] info: priming successful for . NS IN
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 170.247.170.2#53
Jan 13 08:54:41 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:41 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 170.247.170.2#53
Jan 13 08:54:41 unbound[83681:0] info: query response REC_LAME: recursive but not authoritative server
Jan 13 08:54:41 unbound[83681:0] info: mark as REC_LAME
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 199.7.83.42#53
Jan 13 08:54:41 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:41 unbound[83681:0] info: resolving st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 202.12.27.33#53
Jan 13 08:54:41 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:41 unbound[83681:0] info: resolving st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 193.0.14.129#53
Jan 13 08:54:41 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 199.7.91.13#53
Jan 13 08:54:41 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.203.230.10#53
Jan 13 08:54:41 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.58.128.30#53
Jan 13 08:54:41 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 193.0.14.129#53
Jan 13 08:54:41 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:41 unbound[83681:0] info: resolving st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.112.36.4#53
Jan 13 08:54:41 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.203.230.10#53
Jan 13 08:54:41 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:41 unbound[83681:0] info: resolving st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.5.5.241#53
Jan 13 08:54:41 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 199.7.83.42#53
Jan 13 08:54:41 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.112.36.4#53
Jan 13 08:54:41 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for st2-v3-dc.splashtop.com. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 198.97.190.53#53
Jan 13 08:54:41 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:41 unbound[83681:0] info: resolving c.pki.goog. A IN
Jan 13 08:54:41 unbound[83681:0] info: response for c.pki.goog. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.112.36.4#53
Jan 13 08:54:41 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for c.pki.goog. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.112.36.4#53
Jan 13 08:54:41 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for c.pki.goog. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.58.128.30#53
Jan 13 08:54:41 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:41 unbound[83681:0] info: resolving c.pki.goog. A IN
Jan 13 08:54:41 unbound[83681:0] info: response for c.pki.goog. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.58.128.30#53
Jan 13 08:54:41 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for c.pki.goog. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 193.0.14.129#53
Jan 13 08:54:41 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for c.pki.goog. A IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.36.148.17#53
Jan 13 08:54:41 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:41 unbound[83681:0] info: resolving slack.com. HTTPS IN
Jan 13 08:54:41 unbound[83681:0] info: response for slack.com. HTTPS IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 198.97.190.53#53
Jan 13 08:54:41 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:41 unbound[83681:0] info: response for slack.com. HTTPS IN
Jan 13 08:54:41 unbound[83681:0] info: reply from <.> 192.5.5.241#53
Jan 13 08:54:41 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:46 unbound[83681:0] info: resolving assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: response for assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: reply from <.> 192.33.4.12#53
Jan 13 08:54:46 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:46 unbound[83681:0] info: response for assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: reply from <.> 192.203.230.10#53
Jan 13 08:54:46 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:46 unbound[83681:0] info: resolving assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: response for assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: reply from <.> 199.7.91.13#53
Jan 13 08:54:46 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:46 unbound[83681:0] info: response for assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: reply from <.> 192.36.148.17#53
Jan 13 08:54:46 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:46 unbound[83681:0] info: resolving assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: response for assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: reply from <.> 198.41.0.4#53
Jan 13 08:54:46 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:46 unbound[83681:0] info: response for assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: reply from <.> 193.0.14.129#53
Jan 13 08:54:46 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:46 unbound[83681:0] info: resolving assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: response for assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: reply from <.> 198.97.190.53#53
Jan 13 08:54:46 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:46 unbound[83681:0] info: response for assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: reply from <.> 192.112.36.4#53
Jan 13 08:54:46 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:46 unbound[83681:0] info: response for assets.msn.com. A IN
Jan 13 08:54:46 unbound[83681:0] info: reply from <.> 198.97.190.53#53
Jan 13 08:54:46 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:49 unbound[83681:0] info: resolving profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:49 unbound[83681:0] info: response for profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:49 unbound[83681:0] info: reply from <.> 192.112.36.4#53
Jan 13 08:54:49 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:49 unbound[83681:0] info: resolving example.org. A IN
Jan 13 08:54:49 unbound[83681:0] info: response for example.org. A IN
Jan 13 08:54:49 unbound[83681:0] info: reply from <.> 199.7.91.13#53
Jan 13 08:54:49 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:49 unbound[83681:0] info: response for example.org. A IN
Jan 13 08:54:49 unbound[83681:0] info: reply from <.> 192.112.36.4#53
Jan 13 08:54:49 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:49 unbound[83681:0] info: response for profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:49 unbound[83681:0] info: reply from <.> 198.97.190.53#53
Jan 13 08:54:49 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:49 unbound[83681:0] info: response for profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:49 unbound[83681:0] info: reply from <.> 192.203.230.10#53
Jan 13 08:54:49 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:49 unbound[83681:0] info: resolving profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:49 unbound[83681:0] info: response for profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:49 unbound[83681:0] info: reply from <.> 198.97.190.53#53
Jan 13 08:54:49 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:50 unbound[83681:0] info: response for profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:50 unbound[83681:0] info: reply from <.> 192.36.148.17#53
Jan 13 08:54:50 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:50 unbound[83681:0] info: response for profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:50 unbound[83681:0] info: reply from <.> 199.7.91.13#53
Jan 13 08:54:50 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:50 unbound[83681:0] info: response for profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:50 unbound[83681:0] info: reply from <.> 199.7.91.13#53
Jan 13 08:54:50 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:50 unbound[83681:0] info: response for profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:50 unbound[83681:0] info: reply from <.> 192.5.5.241#53
Jan 13 08:54:50 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:50 unbound[83681:0] info: response for profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:50 unbound[83681:0] info: reply from <.> 198.41.0.4#53
Jan 13 08:54:50 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:50 unbound[83681:0] info: response for profile.accounts.firefox.com. AAAA IN
Jan 13 08:54:50 unbound[83681:0] info: reply from <.> 170.247.170.2#53
Jan 13 08:54:50 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:55 unbound[83681:0] info: resolving www.redditstatic.com. A IN
Jan 13 08:54:55 unbound[83681:0] info: response for www.redditstatic.com. A IN
Jan 13 08:54:55 unbound[83681:0] info: reply from <.> 192.36.148.17#53
Jan 13 08:54:55 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:55 unbound[83681:0] info: response for www.redditstatic.com. A IN
Jan 13 08:54:55 unbound[83681:0] info: reply from <.> 193.0.14.129#53
Jan 13 08:54:55 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:55 unbound[83681:0] info: response for www.redditstatic.com. A IN
Jan 13 08:54:55 unbound[83681:0] info: reply from <.> 192.36.148.17#53
Jan 13 08:54:55 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:55 unbound[83681:0] info: resolving www.redditstatic.com. A IN
Jan 13 08:54:55 unbound[83681:0] info: response for www.redditstatic.com. A IN
Jan 13 08:54:55 unbound[83681:0] info: reply from <.> 198.41.0.4#53
Jan 13 08:54:55 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:55 unbound[83681:0] info: response for www.redditstatic.com. A IN
Jan 13 08:54:55 unbound[83681:0] info: reply from <.> 192.112.36.4#53
Jan 13 08:54:55 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:55 unbound[83681:0] info: response for www.redditstatic.com. A IN
Jan 13 08:54:55 unbound[83681:0] info: reply from <.> 198.41.0.4#53
Jan 13 08:54:55 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:55 unbound[83681:0] info: response for www.redditstatic.com. A IN
Jan 13 08:54:55 unbound[83681:0] info: reply from <.> 192.33.4.12#53
Jan 13 08:54:55 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:55 unbound[83681:0] info: response for www.redditstatic.com. A IN
Jan 13 08:54:55 unbound[83681:0] info: reply from <.> 198.41.0.4#53
Jan 13 08:54:55 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:56 unbound[83681:0] info: resolving external-preview.redd.it. A IN
Jan 13 08:54:56 unbound[83681:0] info: response for external-preview.redd.it. A IN
Jan 13 08:54:56 unbound[83681:0] info: reply from <.> 192.33.4.12#53
Jan 13 08:54:56 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:54:56 unbound[83681:0] info: response for external-preview.redd.it. A IN
Jan 13 08:54:56 unbound[83681:0] info: reply from <.> 192.36.148.17#53
Jan 13 08:54:56 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:56 unbound[83681:0] info: response for external-preview.redd.it. A IN
Jan 13 08:54:56 unbound[83681:0] info: reply from <.> 192.5.5.241#53
Jan 13 08:54:56 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:56 unbound[83681:0] info: resolving external-preview.redd.it. A IN
Jan 13 08:54:56 unbound[83681:0] info: resolving styles.redditmedia.com. A IN
Jan 13 08:54:56 unbound[83681:0] info: response for styles.redditmedia.com. A IN
Jan 13 08:54:56 unbound[83681:0] info: reply from <.> 198.97.190.53#53
Jan 13 08:54:56 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:56 unbound[83681:0] info: response for styles.redditmedia.com. A IN
Jan 13 08:54:56 unbound[83681:0] info: reply from <.> 192.58.128.30#53
Jan 13 08:54:56 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:56 unbound[83681:0] info: resolving styles.redditmedia.com. A IN
Jan 13 08:54:56 unbound[83681:0] info: resolving www.google.com. A IN
Jan 13 08:54:56 unbound[83681:0] info: response for www.google.com. A IN
Jan 13 08:54:56 unbound[83681:0] info: reply from <.> 199.7.83.42#53
Jan 13 08:54:56 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:56 unbound[83681:0] info: resolving www.google.com. AAAA IN
Jan 13 08:54:56 unbound[83681:0] info: response for www.google.com. AAAA IN
Jan 13 08:54:56 unbound[83681:0] info: reply from <.> 199.7.91.13#53
Jan 13 08:54:56 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:57 unbound[83681:0] info: resolving v.redd.it. A IN
Jan 13 08:54:57 unbound[83681:0] info: response for v.redd.it. A IN
Jan 13 08:54:57 unbound[83681:0] info: reply from <.> 192.33.4.12#53
Jan 13 08:54:57 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:57 unbound[83681:0] info: resolving v.redd.it. A IN
Jan 13 08:54:57 unbound[83681:0] info: resolving www.gstatic.com. AAAA IN
Jan 13 08:54:57 unbound[83681:0] info: response for www.gstatic.com. AAAA IN
Jan 13 08:54:57 unbound[83681:0] info: reply from <.> 192.36.148.17#53
Jan 13 08:54:57 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:57 unbound[83681:0] info: response for www.gstatic.com. AAAA IN
Jan 13 08:54:57 unbound[83681:0] info: reply from <.> 202.12.27.33#53
Jan 13 08:54:57 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:57 unbound[83681:0] info: response for www.gstatic.com. AAAA IN
Jan 13 08:54:57 unbound[83681:0] info: reply from <.> 192.36.148.17#53
Jan 13 08:54:57 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:58 unbound[83681:0] info: resolving i.redd.it. A IN
Jan 13 08:54:58 unbound[83681:0] info: response for i.redd.it. A IN
Jan 13 08:54:58 unbound[83681:0] info: reply from <.> 192.203.230.10#53
Jan 13 08:54:58 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:58 unbound[83681:0] info: resolving i.redd.it. A IN
Jan 13 08:54:59 unbound[83681:0] info: resolving api.connect.raspberrypi.com. A IN
Jan 13 08:54:59 unbound[83681:0] info: response for api.connect.raspberrypi.com. A IN
Jan 13 08:54:59 unbound[83681:0] info: reply from <.> 202.12.27.33#53
Jan 13 08:54:59 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:59 unbound[83681:0] info: response for api.connect.raspberrypi.com. A IN
Jan 13 08:54:59 unbound[83681:0] info: reply from <.> 192.203.230.10#53
Jan 13 08:54:59 unbound[83681:0] info: query response was ANSWER
Jan 13 08:54:59 unbound[83681:0] info: response for api.connect.raspberrypi.com. A IN
Jan 13 08:54:59 unbound[83681:0] info: reply from <.> 198.97.190.53#53
Jan 13 08:54:59 unbound[83681:0] info: query response was CNAME
Jan 13 08:54:59 unbound[83681:0] info: resolving api.connect.raspberrypi.com. A IN
Jan 13 08:55:02 unbound[83681:0] info: resolving chat.google.com. AAAA IN
Jan 13 08:55:02 unbound[83681:0] info: response for chat.google.com. AAAA IN
Jan 13 08:55:02 unbound[83681:0] info: reply from <.> 170.247.170.2#53
Jan 13 08:55:02 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:55:02 unbound[83681:0] info: response for chat.google.com. AAAA IN
Jan 13 08:55:02 unbound[83681:0] info: reply from <.> 202.12.27.33#53
Jan 13 08:55:02 unbound[83681:0] info: query response was ANSWER
Jan 13 08:55:02 unbound[83681:0] info: response for chat.google.com. AAAA IN
Jan 13 08:55:02 unbound[83681:0] info: reply from <.> 199.7.83.42#53
Jan 13 08:55:02 unbound[83681:0] info: query response was ANSWER
Jan 13 08:55:07 unbound[83681:0] info: resolving prod-dynamite-prod-03-us-signaler-pa.clients6.google.com. A IN
Jan 13 08:55:07 unbound[83681:0] info: response for prod-dynamite-prod-03-us-signaler-pa.clients6.google.com. A IN
Jan 13 08:55:07 unbound[83681:0] info: reply from <.> 199.7.91.13#53
Jan 13 08:55:07 unbound[83681:0] info: query response was nodata ANSWER
Jan 13 08:55:07 unbound[83681:0] info: response for prod-dynamite-prod-03-us-signaler-pa.clients6.google.com. A IN
Jan 13 08:55:07 unbound[83681:0] info: reply from <.> 198.41.0.4#53
Jan 13 08:55:07 unbound[83681:0] info: query response was CNAME
Jan 13 08:55:07 unbound[83681:0] info: resolving prod-dynamite-prod-03-us-signaler-pa.clients6.google.com. A IN
Jan 13 08:55:07 unbound[83681:0] info: response for prod-dynamite-prod-03-us-signaler-pa.clients6.google.com. A IN
Jan 13 08:55:07 unbound[83681:0] info: reply from <.> 199.7.83.42#53
Jan 13 08:55:07 unbound[83681:0] info: query response was ANSWER
Your recent log lines don't seem to contain any of your offending domains?
Your current log still shows those REC_LAME replies, suggesting some kind of upstream interference.
While it potentially may contribute to it, this isn't your original issue - but it certainly impacts DNS resolution negatively. At the least, it would slow down DNS resolution, as unbound would continue to get valid authoritative replies from each of the root zone (<.>) servers, and will only fall back to consider those REC_LAME responses after it has tried all of them unsuccessfully.
Would your firewall force DNS redirects to a local or public DNS server?
As for a VPN service gateway:
Running a local VPN server to allow remote device connections to your home network is different from routing your home network's traffic through the services of a (paid) VPN provider.
The latter may interfere with unbound's resolution, as VPN service providers commonly would force DNS traffic to their own DNS servers, in an attempt to prevent DNS leakages.
I have a SonicWall firewall and these are what I suspect are the relevant DNS settings. It seems like everything seems OK? Are there some other settings I should check on the firewall? 192.168.101.189 is my Pihole.
I can't really comment on that, as I don't know that product at all.
Is that firewall also acting as your router/gateway?
If so, I'd wonder whether there would be a DHCP option for distributing a local DNS server pushed to DHCP clients, and whether that DNS pane you show concerns the firewall's upstreams (i.e. the DNS server the firewall itself would use), and I generally wonder what the DNS Proxy would be for.
If I click the configure button to the right of the dynamic leases, it shows this screen. Considering what the DNS screen showed previously in my last reply, this seems okay, right?
As said before, I can't really comment on that, but I wonder whether that DNS pane would concern your firewall's upstreams (i.e. the DNS server the firewall itself would use), and I generally wonder what the DNS Proxy would be for.
You should consult your product's documentation for configuration details.
If that DNS pane is defining Pi-hole as your firewall's upstream, your DHCP settings would suggest that you'd also be using Pi-hole as local DNS server, which may result in a DNS loop if Pi-hole would be sending DNS requests to your firewall, which may either happen when you define your firewall as one of Pi-hole's upstreams, enable Conditional Forwarding or have your firewall intercept DNS and redirect DNS to Pi-hole. I'd expect you to also observe a rate limit and/or max concurrent warning in Pi-hole for looping DNS requests, but only the latter redirect could explain your REC_LAMEs.
To check for related Pi-hole configuration, could you share a fresh debug token?
Your initial one has expired after 48 hours.
I think I may have solved the issue, and if I did, you were correct about it here:
This would suggest that something upstream of unbound may be intercepting DNS traffic, so the answers you are seeing would not be originating from the root servers.
Do you run a firewall in your network, or would you route outbound public traffic through a VPN service provider?
I was looking through the firewall settings and found this.
Both of these "Real Time Blacklist" spam filters were enabled until just now. Currently the previously blocked images are loading, I will see if things remain good. Thank you very much for helping me with this.
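The interception symptom discussed in this thread can be checked mechanically. This is an added example, not code from the thread or from the Pi-hole or unbound projects: it scans unbound log lines in the format shown above and flags replies attributed to the root zone (`<.>`) that are final answers for names below a TLD, where a genuine root server would return a referral. The function name and sample lines are constructed, the `REFERRAL` string is assumed to be how unbound logs a normal root reply at this verbosity, and the parser assumes one resolver thread so that the three lines of a reply stay adjacent.

```python
import re

# Constructed sample in the format of the unbound log excerpt in this thread.
SAMPLE_LOG = """\
Jan 13 09:00:00 unbound[100:0] info: response for www.example.com. A IN
Jan 13 09:00:00 unbound[100:0] info: reply from <.> 198.41.0.4#53
Jan 13 09:00:00 unbound[100:0] info: query response was REFERRAL
Jan 13 09:00:00 unbound[100:0] info: response for www.example.com. A IN
Jan 13 09:00:00 unbound[100:0] info: reply from <example.com.> 192.0.2.20#53
Jan 13 09:00:00 unbound[100:0] info: query response was ANSWER
Jan 13 09:00:05 unbound[100:0] info: response for cdn.example.net. A IN
Jan 13 09:00:05 unbound[100:0] info: reply from <.> 198.41.0.4#53
Jan 13 09:00:05 unbound[100:0] info: query response was CNAME
Jan 13 09:00:05 unbound[100:0] info: resolving cdn.example.net. A IN
Jan 13 09:00:06 unbound[100:0] info: response for cdn.example.net. AAAA IN
Jan 13 09:00:06 unbound[100:0] info: reply from <.> 192.33.4.12#53
Jan 13 09:00:06 unbound[100:0] info: query response was nodata ANSWER
"""

RESP = re.compile(r"info: response for (\S+) (\S+) IN$")
REPLY = re.compile(r"info: reply from <(\S+)> (\S+)#\d+$")
KIND = re.compile(r"info: query response was (.+)$")

# Reply kinds a root server should not give for a name below a TLD.
SUSPECT_KINDS = {"ANSWER", "nodata ANSWER", "CNAME", "REC_LAME"}


def suspect_root_replies(log_text):
    """Return (qname, qtype, server_ip, kind) for each suspicious <.> reply."""
    hits = []
    qname = qtype = zone = ip = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := RESP.search(line):
            qname, qtype = m.group(1), m.group(2)
            zone = ip = None
        elif m := REPLY.search(line):
            zone, ip = m.group(1), m.group(2)
        elif (m := KIND.search(line)) and qname and zone:
            kind = m.group(1)
            labels = [p for p in qname.rstrip(".").split(".") if p]
            # Roots legitimately answer for the root zone and root-servers.net.
            below_tld = len(labels) >= 2 and not qname.lower().endswith("root-servers.net.")
            if zone == "." and below_tld and kind in SUSPECT_KINDS:
                hits.append((qname, qtype, ip, kind))
            zone = ip = None
    return hits


if __name__ == "__main__":
    for hit in suspect_root_replies(SAMPLE_LOG):
        print("suspect root reply:", *hit)
```

Any hit means the answer did not come from the root server named in the log line, which points at a firewall, proxy or VPN rewriting port 53 traffic between unbound and the Internet.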