Pi-Hole + Unbound issue on loading facebook content

Expected Behaviour:

Resolution of IP address of scontent.fbru1-1.fna.fbcdn.net

Actual Behaviour:

Content at this address is not displaying, and when performing dig, the result for this domain is NXDOMAIN. Dig for fbcdn.net gives the actual ip address and thus works.

When using another DNS (even one of the ones at public-pi-hole.com which also run Unbound), the problem does not exist.

Debug Token:

https://tricorder.pi-hole.net/7y0xucx6ck

Only issue I immediately noticed was the ipv6 address in setupVars.conf, so updated that. ( updated debug token with only that changed is here https://tricorder.pi-hole.net/0io088ev77
). No effect on dig on this specific domain though afterwards.

However, editing /etc/unbound/unbound.conf and taking out these parameters solved the issue:

# performance optimizations (costs more traffic and/or CPU)
#    prefetch-key: yes
#   rrset-roundrobin: yes
#    qname-minimisation-strict: yes
#    hide-identity: yes
#    hide-version: yes

Which one would be the culprit?

Try it without qname-minimisation-strict.

See Unbound manual

   qname-minimisation-strict: <yes or no>
          QNAME minimisation in strict mode. Do not fall-back  to  sending
          full  QNAME  to potentially broken nameservers. A lot of domains
          will not be resolvable when this option in enabled. Only use  if
          you  know  what you are doing.  This option only has effect when
          qname-minimisation is enabled. Default is off.
1 Like

This worked - was just reading the manual and was going to test a few options.
Thanks!

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.