Any attempt to access klarna.com fails with error: reply error is SERVFAIL
Here's some more details from log:
May 27 18:52:54 dnsmasq[15940]: query[A] klarna.com from 192.168.1.83
May 27 18:52:54 dnsmasq[15940]: forwarded klarna.com to 127.0.0.1#5353
May 27 18:52:54 dnsmasq[15940]: query[AAAA] klarna.com from 192.168.1.83
May 27 18:52:54 dnsmasq[15940]: forwarded klarna.com to 127.0.0.1#5353
May 27 18:52:54 dnsmasq[15940]: reply error is SERVFAIL
May 27 18:52:54 dnsmasq[15940]: reply error is SERVFAIL
May 27 18:52:54 dnsmasq[15940]: query[A] klarna.com from 192.168.1.83
May 27 18:52:54 dnsmasq[15940]: forwarded klarna.com to 127.0.0.1#5353
May 27 18:52:54 dnsmasq[15940]: query[AAAA] klarna.com from 192.168.1.83
May 27 18:52:54 dnsmasq[15940]: forwarded klarna.com to 127.0.0.1#5353
May 27 18:52:54 dnsmasq[15940]: reply error is SERVFAIL
May 27 18:52:54 dnsmasq[15940]: reply error is SERVFAIL
After disabling Pi-hole name resolution works as expected.
Note that SERVFAIL is a valid DNS reply as can be received from upstream servers. Respective replies are both common and expected every once in a while, but normally shouldn't reoccur when retrying a bit later, see also MS Teams gets no presence status for contacts - #6 by Bucking_Horn.
If that happens next time, check the OPT PSEUDOSECTION for RFC8914 EDE error codes, which may have more specific information as to why the SERVFAIL occured (e.g. it could be censored upstream).
You also may have to scrutinise unbound's log files in order to find out more.
Thanks for your support.
I'll wait until this issue is reproducible again.
Then I'll update the ticket accordingly and provide additional information as documented here.
Today (actually yesterday), I also had a DNSSEC problem (SERVFAIL in the pihole log) for www.paypal.com and some related domains. Using dnsec on unbound, NOT on pihole-FTL.
I restarted unbound and the problem was gone, no idea what the cause is / was.