I expect Pi-Hole to show exactly, how it dealt with the query. Either it is blocked or it is forwarded/cached.
Some Queries are being responded with "OK (forwarded) UNKNOWN" or "OK (cached) UNKNOWN"
The log is showing that the query is either forwarded for resolution (i.e. not in cache), or served from cache.
Do you have DNSSEC enabled on your Pi-Hole?
No, I don't use DNSSEC.
However, I configured NordVPN on the same box and set the Upstream DNS-Servers to those of NordVPN.
When enabling DNSSEC (for preferring digital signed DNS records), Pi-hole would show UNSECURE, UNKNOWN or SECURE as additional info for a DNS request.
As not all DNS servers have implemented DNSSEC, you can relax if you see SECURE (no one has tampered with DNS record) and UNKNOWN (DNS record has not been digitally signed), as long as you don't see UNSECURE (DNS record has been tampered with).
However, I also sometimes see this in my logs though I do not use DNSSEC.
In that case, might that be considered a UI glitch, @jfb?
That's the DNSSEC status entry. If the information for DNSSEC is not available then UNKNOWN is displayed. That can happen if the cache does not contain the information needed. Are you sure that the DNSSEC check box is clear in the settings page?
Hmm, @webdevelopers, does the page display the DNSSEC status irregardless of the tickbox?
I can confirm this for my setup as well:
I do not have DNSSEC enabled, yet I do encounter entries labeled as UNKNOWN in my Query Log.
However, this seems to be true only for entries older than 24 hours.
Current entries do not show that label.
Thanks, I don't think we store the DNSSEC information in the longterm database, I vaguely remember talking about this before.
Yes, the UNKNOWN is shown for all queries imported from the database. Because the DNSSEC status is not available for them and we do not know what the status was before FTL was restarted.
One could make the argument to get rid of the UNKNOWN status at all as it is solely used for imported database queries:
This has been implemented and is available in the beta code.
Someday we should probably document what all the things mean so we don't have to go back to the code to remember.
Anyone want to volunteer to help write guides/docs?
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
