Getting NXDOMAIN in clearly existing sites with pihole and Unbound

gmbgustavo · October 18, 2022, 11:27pm

@deHakkelaar here it goes:
sudo grep -v '^\s*#|^\s*` -R /etc/unbound/unbound.conf*

/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"

Thank you @Bucking_Horn for your extra tips.
Well, that's awkward, but hub.docker.com is now working. The only thing I changed was the multiple IPs in the resolv.conf file as you pointed out. Now it has just my pihole IP address.
But aliexpress still won't resolve so i used:

dig -p 5335 @127.0.0.1 www.aliexpress.com

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> -p 5335 @127.0.0.1 www.aliexpress.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30555
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.aliexpress.com.            IN      A

;; ANSWER SECTION:
www.aliexpress.com.     100     IN      CNAME   global.aliexpress.com.
global.aliexpress.com.  49      IN      CNAME   global.aliexpress.com.gds.alibabadns.com.

;; AUTHORITY SECTION:
gds.alibabadns.com.     143     IN      SOA     gdsns1.alibabadns.com. none. 2018122017 1800 600 3600 360

;; Query time: 3 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Tue Oct 18 23:19:18 UTC 2022
;; MSG SIZE  rcvd: 166

OK, I can buy my chinese stuff somewhere else, but I couldn't live without docker hub

Update
This whatsapp media server also get a NXDOMAIN 'media.fldb5-1.fna.whatsapp.net'.