Pi-hole with unbound not resolving subdomain

Help Community Help
21

I can successfully resolve weatherstation.wunderground.com through unbound 1.9.0.
This one-time success may not be significant, though, even if we were using the exact same config for unbound, as there's no guarantuee a recursion would travel along the same DNS resolution chain. They may even differ by intention when DNS servers to be visited would depend on our respective locations.

In consequence, I find it hard to track down such issues, especially wihout access to the affected installation. Also, failures may well be attributable to misconfigured DNS servers along that chain, and you could do nothing about that, save from alerting their respective maintainers.

You probably should consider to also ask for help at unbound or wunderground.com, in case this would be a common recent issue.

For the time being, to at least mitigate your issue, you could consider to add a respective Local DNS record for weatherstation.wunderground.com in Pi-hole.
While that may be the easiest approach, it comes with the drawback of requiring you to manually update your local record in the event of IP address changes.

Instead, you could also opt for the slightly less easier option to forward requests for that domain to a public DNS server. That way, DNS resolution would also work even if weatherstation IPs would change.
Obviously, this approach comes with the drawback of exposing respective DNS requests to your chosen public resolver.

You'd have to create a custom dnsmasq configuration file, e.g. /etc/dnsmasq.d/42-forward-weatherstation.conf with the following content:

server=/weatherstation.wunderground.com/208.67.222.222

That would send any query for that domain to OpenDNS. Feel free to use any other public DNS you like by substituting with the appropriate IP address.

Then run a dnsmasq syntax check:

pihole-FTL dnsmasq-test

If ok, restart Pi-hole:

pihole restartdns

Keep in mind that either of those options is a workaround only.
You should reassess weatherstation.wunderground.com regularly and revert to normal if appropriate.

24

Just trying to help here, so here is the result of my dig attempts (all successful btw), running the latest Unbound (with DNSSEC enabled) :

x@x:~ $ dig wunderground.com

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Raspbian <<>> wunderground.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52694
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;wunderground.com.              IN      A

;; ANSWER SECTION:
wunderground.com.       43200   IN      A       23.61.5.200

;; Query time: 200 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Mar 12 10:26:08 CET 2021
;; MSG SIZE  rcvd: 61

x@x:~ $ dig weatherstation.wunderground.com

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Raspbian <<>> weatherstation.wunderground.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52638
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;weatherstation.wunderground.com. IN    A

;; ANSWER SECTION:
weatherstation.wunderground.com. 43200 IN CNAME rtupdate.wunderground.com.
rtupdate.wunderground.com. 43200 IN     CNAME   prod-pws-ng-ingest.pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud.
prod-pws-ng-ingest.pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 43200 IN CNAME pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud.
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 43200 IN A 169.63.130.180
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 43200 IN A 169.61.113.60
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 43200 IN A 169.61.113.58
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 43200 IN A 169.55.126.243
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 43200 IN A 169.55.126.244
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 43200 IN A 169.63.130.179

;; Query time: 360 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Mar 12 10:26:49 CET 2021
;; MSG SIZE  rcvd: 321
25

It seems my last thank you was not posted...
So again thank you all three for your kind help!
It would have been far beyound my own capabilities to install a dns forward without your help!
And thank you for verifying that it does seem to work fo the both of you.
I did send the problem to the unbound mailin glist, maybe someone over there also has an idea.

1 Like
26

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.