Qname resolving with Unbound and Root Servers over VPN


When using a VPN to do resolving of domain-names directly with the authoritative servers of the specific domain you can use Unbound to do that which is then placed in front of Pi-hole. Every request Pi-hole makes goes through Unbound and Unbound delivers the answer back to Pi-hole.

It seems that the Root Servers which makes it possible to use also qname in Unbound, are blocking known VPN address ranges. This results that Unbound will start delayed and does not have it Anchor for secure communications.

To avoid this you should have the requests for the Root Servers not go through the VPN but through the normal connection of your ISP.

This can be archived in more advanced routers where you can make a table with the addresses of the Root Servers and have matching addresses take an other way not through the VPN connection.

This is needed when Unbound is started and I have to lookup if that is also done during operation.
I will also have to look if in Ubound this can be done and that would be the most preferred option.

If any one has answers to the two unknowns above then please let it be known.

Link to: Root Servers address page

Updated info: the Anchor is retrieved not only on startup but also during the running of Unbound.