SERVFAIL with deutsche-glasfaser.de

Unfortunately, my knowledge is not sufficient for this. Maybe another pihole user who uses unbound has the same or a similar problem and can help solve it here.

Strange, this is already showing up for the second time:

It should work. How old is the list of root servers?
Could it be related to that?

I have similar issues with .de domains throughout the past month but haven't found the time to properly troubleshoot this. I never visited deutsche-glasfaser.de but other domains such as aldi-sued.de failed reliably with SERVFAIL, too.

FWIW, I did just try both deutsche-glasfaser.de as well as aldi-sued.de and both worked just fine this morning.

The interesting part from your logs is (verbosity 3):

[1648744447] unbound[8491:0] info: resolving www.deutsche-glasfaser.de. A IN
[1648744447] unbound[8491:0] info: resolving (init part 2):  www.deutsche-glasfaser.de. A IN
[1648744447] unbound[8491:0] info: resolving (init part 3):  www.deutsche-glasfaser.de. A IN
[1648744447] unbound[8491:0] info: processQueryTargets: www.deutsche-glasfaser.de. A IN
[1648744447] unbound[8491:0] debug: out of query targets -- returning SERVFAIL
[1648744447] unbound[8491:0] debug: return error response SERVFAIL

The SERVFAIL is sent after 10 seconds.

"out of query targets -- returning SERVFAIL" typically means that the forward destination was not reachable, either because it was down or because it was blacklisted in some firewall, etc.


The verbosity 5 log is somewhat different. It logs that it was able to get the addresses

[1648746268] unbound[9481:0] debug:    ip6 2a00:6020:200::2 port 53 (len 28)
[1648746268] unbound[9481:0] debug:    ip4 185.22.45.49 port 53 (len 16)
[1648746268] unbound[9481:0] debug:    ip6 2a00:6020:100::2 port 53 (len 28)
[1648746268] unbound[9481:0] debug:    ip4 185.22.44.49 port 53 (len 16)

but was still waiting for additional records at the time you restarted the service (52 seconds after startup). You shouldn't have received SERVFAIL as a reply in this test but dog should still have been waiting.


What does your unbound configuration look like? Is it the one from the Pi-hole documentation or did you follow some other tutorial and/or make changes yourself?

I just tried out deutsche-glasfaser.de and aldi-sued.de. aldi-sued.de works and deutsche-glasfaser.de continues to deliver a SERVFAIL

The unbound configuration corresponds to that described on unbound - Pi-hole documentation with one exception. I have root-hints enabled. The file is updated monthly and is currently as of March 16, 2022

I would like to actively support troubleshooting. If there's anything I can do, please tell me.

Let's ask one of the DNS root servers (192.55.83.30) which DNS server is authoritative for deutsche-glasfaser.de.

Run from your Pi-hole machine, what's the output of:

dig +noall +authority @192.55.83.30 ns deutsche-glasfaser.de

The answer is as follows:
[Screenshot: Bildschirmfoto vom 2022-04-05 09-49-53]

That looks ok.

This isn't a Pi-hole issue, so our support will be limited as we are leaving our immediate area of expertise - SERVFAIL issues are both common and expected but also hard to troubleshoot when occurring persistently.

It doesn't seem to be a general issue with unbound's configuration either, as your observation seems limited to a select few domains.

So very likely, your observation is caused by some misconfiguration within the scope of authoritative DNS servers that unbound is communicating or trying to communicate with, or something upstream is messing with DNS requests.

In the past, we've had a few reports where a 'security' feature from an ISP's network blocked access to certain IPs, see Pi-hole unbound servfail - #16 by deHakkelaar.
On one instance, deHakkelaar provided a script to facilitate trouble-shooting an unbound issue - see Need help and techniques to debug DNS failure on Facebook and Instagram using Pihole with Unbound - #31 by deHakkelaar.
However, that seems to rely on some log files produced somewhere along that conversation.
Maybe @deHakkelaar would be able to explain what is needed.

Hello firewire,

I have pihole + unbound too, but I don't use DNSSEC and deutsche-glasfaser.de is working fine.
Did you try to disable DNSSEC and try again?

I'll try to explain again with some details.
First configure something else than unbound as upstream for Pi-hole (e.g. Google, Cloudflare etc).
This is so the logs don't get polluted with queries from your clients.

http://pi.hole/admin/settings.php?tab=dns

Stop the unbound service:

sudo service unbound stop

Start unbound manually with extra verbosity and debug logging plus output to screen:

sudo /usr/sbin/unbound -ddd -vvv -c /etc/unbound/unbound.conf

Copy/paste the output to here for inspection?

Next, in another SSH session, perform below dig only once (concurrent dig queries will be pulled from unbound cache and won't trigger querying any upstream DNS servers):

dig @localhost -p 5335 a deutsche-glasfaser.de.

Copy/paste the extra log lines generated from that one dig to here separately?

To use the script, first paste above last log lines resulting from the dig to a new file, e.g.:

nano unbound.serverfail.log

And run the script with the log file as an argument, e.g.:

./unbound_check.sh unbound.serverfail.log | column -t

If all goes well, it generates a list of dig commands, similar to the queries that unbound makes, that can be run manually to check results, e.g. just copy/paste to a prompt and press enter.

You could also check with below grep on the same log file if any module_event_noreply messages are present that indicate that querying one or more of the upstream DNS servers is failing:

grep -B3 module_event_noreply unbound.serverfail.log

When finished diagnosing, you can stop unbound by pressing Ctrl+C.
Start it up normally again via systemd:

sudo service unbound start

And configure unbound as upstream again 127.0.0.1#5335 in Pi-hole (don't forget to remove the other DNS server(s) that you selected):

http://pi.hole/admin/settings.php?tab=dns

For comparison:

pi@ph5b:~ $ sudo service unbound stop
pi@ph5b:~ $
pi@ph5b:~ $ sudo /usr/sbin/unbound -ddd -vvv -c /etc/unbound/unbound.conf
[1649154273] unbound[12778:0] notice: Start of unbound 1.13.1.
[1649154274] unbound[12778:0] debug: chdir to /etc/unbound
[1649154274] unbound[12778:0] debug: drop user privileges, run as unbound
[1649154274] unbound[12778:0] debug: switching log to stderr
[1649154274] unbound[12778:0] debug: module config: "subnetcache validator iterator"
[1649154274] unbound[12778:0] notice: init module 0: subnet
[1649154274] unbound[12778:0] debug: subnet: option registered (8)
[1649154274] unbound[12778:0] notice: init module 1: validator
[1649154274] unbound[12778:0] notice: init module 2: iterator
[1649154274] unbound[12778:0] debug: target fetch policy for level 0 is 3
[1649154274] unbound[12778:0] debug: target fetch policy for level 1 is 2
[1649154274] unbound[12778:0] debug: target fetch policy for level 2 is 1
[1649154274] unbound[12778:0] debug: target fetch policy for level 3 is 0
[1649154274] unbound[12778:0] debug: target fetch policy for level 4 is 0
[1649154274] unbound[12778:0] debug: cache memory msg=33040 rrset=33040 infra=3920 val=33196 subnet=41372
[1649154274] unbound[12778:0] info: start of service (unbound 1.13.1).
pi@ph5b:~ $ dig @localhost -p 5335 a deutsche-glasfaser.de.

; <<>> DiG 9.16.22-Raspbian <<>> @localhost -p 5335 a deutsche-glasfaser.de.
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45235
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;deutsche-glasfaser.de.         IN      A

;; ANSWER SECTION:
deutsche-glasfaser.de.  86400   IN      A       185.22.44.179

;; Query time: 259 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Tue Apr 05 12:25:58 CEST 2022
;; MSG SIZE  rcvd: 66
pi@ph5b:~ $ sudo /usr/sbin/unbound -ddd -vvv -c /etc/unbound/unbound.conf
[..]
[1649154357] unbound[12818:0] debug: subnet[module 0] operate: extstate:module_state_initial event:module_event_new
[1649154357] unbound[12818:0] info: subnet operate: query deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass
[1649154357] unbound[12818:0] info: validator operate: query deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass
[1649154357] unbound[12818:0] info: resolving deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] info: priming . IN NS
[1649154357] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass
[1649154357] unbound[12818:0] info: iterator operate: query . NS IN
[1649154357] unbound[12818:0] info: processQueryTargets: . NS IN
[1649154357] unbound[12818:0] info: sending query: . NS IN
[1649154357] unbound[12818:0] debug: sending to target: <.> 192.203.230.10#53
[1649154357] unbound[12818:0] debug: cache memory msg=33040 rrset=33040 infra=4149 val=33196 subnet=41372
[1649154357] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1649154357] unbound[12818:0] info: iterator operate: query . NS IN
[1649154357] unbound[12818:0] info: response for . NS IN
[1649154357] unbound[12818:0] info: reply from <.> 192.203.230.10#53
[1649154357] unbound[12818:0] info: query response was ANSWER
[1649154357] unbound[12818:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_moddone
[1649154357] unbound[12818:0] info: validator operate: query . NS IN
[1649154357] unbound[12818:0] debug: subnet[module 0] operate: extstate:module_state_initial event:module_event_moddone
[1649154357] unbound[12818:0] info: subnet operate: query . NS IN
[1649154357] unbound[12818:0] info: priming successful for . NS IN
[1649154357] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_wait_subquery event:module_event_pass
[1649154357] unbound[12818:0] info: iterator operate: query deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] info: resolving (init part 2):  deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] info: resolving (init part 3):  deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] info: processQueryTargets: deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] debug: removing 1 labels
[1649154357] unbound[12818:0] info: sending query: de. A IN
[1649154357] unbound[12818:0] debug: sending to target: <.> 192.33.4.12#53
[1649154357] unbound[12818:0] debug: cache memory msg=33701 rrset=38048 infra=4378 val=33196 subnet=41372
[1649154357] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1649154357] unbound[12818:0] info: iterator operate: query deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] info: response for deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] info: reply from <.> 192.33.4.12#53
[1649154357] unbound[12818:0] info: query response was REFERRAL
[1649154357] unbound[12818:0] info: processQueryTargets: deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] info: sending query: deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] debug: sending to target: <de.> 81.91.164.5#53
[1649154357] unbound[12818:0] debug: cache memory msg=33701 rrset=40571 infra=4610 val=33196 subnet=41372
[1649154357] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1649154357] unbound[12818:0] info: iterator operate: query deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] info: response for deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] info: reply from <de.> 81.91.164.5#53
[1649154358] unbound[12818:0] info: query response was REFERRAL
[1649154358] unbound[12818:0] info: processQueryTargets: deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] info: sending query: deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] debug: sending to target: <deutsche-glasfaser.de.> 185.22.44.49#53
[1649154358] unbound[12818:0] debug: cache memory msg=33701 rrset=42165 infra=4861 val=33648 subnet=41372
[1649154358] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1649154358] unbound[12818:0] info: iterator operate: query deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] info: response for deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] info: reply from <deutsche-glasfaser.de.> 185.22.44.49#53
[1649154358] unbound[12818:0] info: query response was ANSWER
[1649154358] unbound[12818:0] info: finishing processing for deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone
[1649154358] unbound[12818:0] info: validator operate: query deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] info: prime trust anchor
[1649154358] unbound[12818:0] info: generate keytag query _ta-4f66. NULL IN
[1649154358] unbound[12818:0] debug: subnet[module 0] operate: extstate:module_state_initial event:module_event_pass
[1649154358] unbound[12818:0] info: subnet operate: query . DNSKEY IN
[1649154358] unbound[12818:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass
[1649154358] unbound[12818:0] info: validator operate: query . DNSKEY IN
[1649154358] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass
[1649154358] unbound[12818:0] info: resolving . DNSKEY IN
[1649154358] unbound[12818:0] info: resolving (init part 2):  . DNSKEY IN
[1649154358] unbound[12818:0] info: resolving (init part 3):  . DNSKEY IN
[1649154358] unbound[12818:0] info: processQueryTargets: . DNSKEY IN
[1649154358] unbound[12818:0] info: sending query: . DNSKEY IN
[1649154358] unbound[12818:0] debug: sending to target: <.> 192.112.36.4#53
[1649154358] unbound[12818:0] debug: subnet[module 0] operate: extstate:module_state_initial event:module_event_pass
[1649154358] unbound[12818:0] info: subnet operate: query _ta-4f66. NULL IN
[1649154358] unbound[12818:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass
[1649154358] unbound[12818:0] info: validator operate: query _ta-4f66. NULL IN
[1649154358] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass
[1649154358] unbound[12818:0] info: resolving _ta-4f66. NULL IN
[1649154358] unbound[12818:0] info: resolving (init part 2):  _ta-4f66. NULL IN
[1649154358] unbound[12818:0] info: resolving (init part 3):  _ta-4f66. NULL IN
[1649154358] unbound[12818:0] info: processQueryTargets: _ta-4f66. NULL IN
[1649154358] unbound[12818:0] info: sending query: _ta-4f66. A IN
[1649154358] unbound[12818:0] debug: sending to target: <.> 192.5.5.241#53
[1649154358] unbound[12818:0] debug: cache memory msg=33864 rrset=42322 infra=5319 val=33648 subnet=41372
[1649154358] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1649154358] unbound[12818:0] info: iterator operate: query _ta-4f66. NULL IN
[1649154358] unbound[12818:0] info: response for _ta-4f66. NULL IN
[1649154358] unbound[12818:0] info: reply from <.> 192.5.5.241#53
[1649154358] unbound[12818:0] info: query response was NXDOMAIN ANSWER
[1649154358] unbound[12818:0] info: finishing processing for _ta-4f66. NULL IN
[1649154358] unbound[12818:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone
[1649154358] unbound[12818:0] info: validator operate: query _ta-4f66. NULL IN
[1649154358] unbound[12818:0] debug: subnet[module 0] operate: extstate:module_wait_module event:module_event_moddone
[1649154358] unbound[12818:0] info: subnet operate: query _ta-4f66. NULL IN
[1649154358] unbound[12818:0] debug: cache memory msg=34034 rrset=43240 infra=5319 val=33648 subnet=41372
[1649154358] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1649154358] unbound[12818:0] info: iterator operate: query . DNSKEY IN
[1649154358] unbound[12818:0] info: response for . DNSKEY IN
[1649154358] unbound[12818:0] info: reply from <.> 192.112.36.4#53
[1649154358] unbound[12818:0] info: query response was ANSWER
[1649154358] unbound[12818:0] info: finishing processing for . DNSKEY IN
[1649154358] unbound[12818:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone
[1649154358] unbound[12818:0] info: validator operate: query . DNSKEY IN
[1649154358] unbound[12818:0] debug: subnet[module 0] operate: extstate:module_wait_module event:module_event_moddone
[1649154358] unbound[12818:0] info: subnet operate: query . DNSKEY IN
[1649154358] unbound[12818:0] info: validate keys with anchor(DS): sec_status_secure
[1649154358] unbound[12818:0] info: Successfully primed trust anchor . DNSKEY IN
[1649154358] unbound[12818:0] debug: validator[module 1] operate: extstate:module_wait_subquery event:module_event_pass
[1649154358] unbound[12818:0] info: validator operate: query deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] info: validated DS de. DS IN
[1649154358] unbound[12818:0] debug: subnet[module 0] operate: extstate:module_state_initial event:module_event_pass
[1649154358] unbound[12818:0] info: subnet operate: query de. DNSKEY IN
[1649154358] unbound[12818:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass
[1649154358] unbound[12818:0] info: validator operate: query de. DNSKEY IN
[1649154358] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass
[1649154358] unbound[12818:0] info: resolving de. DNSKEY IN
[1649154358] unbound[12818:0] info: resolving (init part 2):  de. DNSKEY IN
[1649154358] unbound[12818:0] info: resolving (init part 3):  de. DNSKEY IN
[1649154358] unbound[12818:0] info: processQueryTargets: de. DNSKEY IN
[1649154358] unbound[12818:0] info: sending query: de. DNSKEY IN
[1649154358] unbound[12818:0] debug: sending to target: <de.> 194.146.107.6#53
[1649154358] unbound[12818:0] debug: cache memory msg=34175 rrset=44480 infra=5551 val=34896 subnet=41372
[1649154358] unbound[12818:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1649154358] unbound[12818:0] info: iterator operate: query de. DNSKEY IN
[1649154358] unbound[12818:0] info: response for de. DNSKEY IN
[1649154358] unbound[12818:0] info: reply from <de.> 194.146.107.6#53
[1649154358] unbound[12818:0] info: query response was ANSWER
[1649154358] unbound[12818:0] info: finishing processing for de. DNSKEY IN
[1649154358] unbound[12818:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone
[1649154358] unbound[12818:0] info: validator operate: query de. DNSKEY IN
[1649154358] unbound[12818:0] debug: subnet[module 0] operate: extstate:module_wait_module event:module_event_moddone
[1649154358] unbound[12818:0] info: subnet operate: query de. DNSKEY IN
[1649154358] unbound[12818:0] info: validated DNSKEY de. DNSKEY IN
[1649154358] unbound[12818:0] debug: validator[module 1] operate: extstate:module_wait_subquery event:module_event_pass
[1649154358] unbound[12818:0] info: validator operate: query deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] info: NSEC3s for the referral proved no DS.
[1649154358] unbound[12818:0] info: Verified that unsigned response is INSECURE
[1649154358] unbound[12818:0] debug: subnet[module 0] operate: extstate:module_wait_module event:module_event_moddone
[1649154358] unbound[12818:0] info: subnet operate: query deutsche-glasfaser.de. A IN
[1649154358] unbound[12818:0] debug: cache memory msg=34319 rrset=45320 infra=5551 val=35855 subnet=41372
pi@ph5b:~ $ nano unbound.serverfail.log
[1649154357] unbound[12818:0] debug: subnet[module 0] operate: extstate:module_state_initial event:module_event_new
[1649154357] unbound[12818:0] info: subnet operate: query deutsche-glasfaser.de. A IN
[1649154357] unbound[12818:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass
[1649154357] unbound[12818:0] info: validator operate: query deutsche-glasfaser.de. A IN
[..]
pi@ph5b:~ $ ./unbound_check.sh unbound.serverfail.log | column -t
dig  +norecurse  @192.203.230.10  .                       NS      IN
dig  +norecurse  @192.33.4.12     de.                     A       IN
dig  +norecurse  @81.91.164.5     deutsche-glasfaser.de.  A       IN
dig  +norecurse  @185.22.44.49    deutsche-glasfaser.de.  A       IN
dig  +norecurse  @192.112.36.4    .                       DNSKEY  IN
dig  +norecurse  @192.5.5.241     _ta-4f66.               A       IN
dig  +norecurse  @194.146.107.6   de.                     DNSKEY  IN
pi@ph5b:~ $ grep -B3 module_event_noreply unbound.serverfail.log
pi@ph5b:~ $
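
The log-to-dig step described in the post above, as an added example: this is not the unbound_check.sh script referenced in the thread, and the sample log is constructed (line formats taken from the output above; 192.0.2.53 is a documentation address standing in for a server that never answers). It pairs each `sending query` / `sending to target` line with the later `reply from` or `module_event_noreply` event, so the failing upstream is visible next to the dig command that re-tests it.

```shell
#!/bin/sh
# Added example: turn an unbound -vvv log into dig commands, one per
# upstream query, each tagged with what the log says happened to it.

unbound_targets() {
    awk '
    # "info: sending query: <name> <type> <class>" names the next query sent.
    /info: sending query: / {
        sub(/.*sending query: /, "")
        q = $1 " " $2 " " $3
        next
    }
    # "debug: sending to target: <zone> <ip>#<port>" gives the server used.
    /debug: sending to target: / {
        ip = $NF; sub(/#.*/, "", ip)
        n++; addr[n] = ip; query[n] = q; state[n] = "pending"
        next
    }
    # "info: reply from <zone> <ip>#<port>" answers the newest pending
    # query that was sent to that address.
    /info: reply from / {
        ip = $NF; sub(/#.*/, "", ip)
        for (i = n; i >= 1; i--)
            if (state[i] == "pending" && addr[i] == ip) { state[i] = "reply"; break }
        next
    }
    # A noreply event carries no address. Assumption: it belongs to the
    # newest query still pending, which holds for a log of one single dig.
    /event:module_event_noreply/ {
        for (i = n; i >= 1; i--)
            if (state[i] == "pending") { state[i] = "noreply"; break }
        next
    }
    END {
        for (i = 1; i <= n; i++)
            printf "dig +norecurse @%s %s  # %s\n", addr[i], query[i], state[i]
    }' "$@"
}

# Only the addresses that never answered, one per line.
unbound_noreply_targets() {
    unbound_targets "$@" |
        awk '$NF == "noreply" { sub(/^@/, "", $3); print $3 }' | sort -u
}

# Constructed sample log (timestamps, PID and the 192.0.2.53 target are made up).
sample_log() {
    cat <<'EOF'
[1700000000] unbound[1000:0] info: sending query: de. A IN
[1700000000] unbound[1000:0] debug: sending to target: <.> 192.33.4.12#53
[1700000000] unbound[1000:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1700000000] unbound[1000:0] info: reply from <.> 192.33.4.12#53
[1700000000] unbound[1000:0] info: query response was REFERRAL
[1700000000] unbound[1000:0] info: sending query: deutsche-glasfaser.de. A IN
[1700000000] unbound[1000:0] debug: sending to target: <de.> 81.91.164.5#53
[1700000000] unbound[1000:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1700000000] unbound[1000:0] info: reply from <de.> 81.91.164.5#53
[1700000000] unbound[1000:0] info: query response was REFERRAL
[1700000000] unbound[1000:0] info: sending query: deutsche-glasfaser.de. A IN
[1700000000] unbound[1000:0] debug: sending to target: <deutsche-glasfaser.de.> 192.0.2.53#53
[1700000000] unbound[1000:0] debug: cache memory msg=33701 rrset=41973 infra=4628 val=33648 subnet=41372
[1700000003] unbound[1000:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply
EOF
}

# Demo on the constructed log; pass a real log file as the argument instead.
sample_log | unbound_targets
```

Each output line is a dig command followed by a shell comment with the state, so it can be pasted to a prompt as is.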

Thank you all in advance for your support.

I got the following error message when I tried to post the output here in the same way as you did. So I put everything in a text file.

[Screenshot: Bildschirmfoto vom 2022-04-05 13-56-14]

OutputDebugUnbound.txt (57.8 KB)

pi@raspberrypi:~ $ grep -B3 module_event_noreply unbound.serverfail.log
[1649158622] unbound[22300:0] info: sending query: deutsche-glasfaser.de. A IN
[1649158622] unbound[22300:0] debug: sending to target: <deutsche-glasfaser.de.> 185.22.45.49#53
[1649158622] unbound[22300:0] debug: cache memory msg=33701 rrset=41973 infra=4628 val=33648 subnet=41372
[1649158622] unbound[22300:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply

Below one seems to be the one bugging you:

pi@ph5b:~ $ dig  +norecurse  @185.22.45.49    deutsche-glasfaser.de.  A   IN

; <<>> DiG 9.16.22-Raspbian <<>> +norecurse @185.22.45.49 deutsche-glasfaser.de. A IN
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65479
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;deutsche-glasfaser.de.         IN      A

;; ANSWER SECTION:
deutsche-glasfaser.de.  86400   IN      A       185.22.44.179

;; Query time: 19 msec
;; SERVER: 185.22.45.49#53(185.22.45.49)
;; WHEN: Tue Apr 05 14:24:09 CEST 2022
;; MSG SIZE  rcvd: 66

What does a traceroute look like?

pi@ph5b:~ $ traceroute -n 185.22.45.49
traceroute to 185.22.45.49 (185.22.45.49), 30 hops max, 60 byte packets
 1  10.0.0.1  0.824 ms  0.599 ms  0.616 ms
 2  192.168.2.254  1.353 ms  0.729 ms  0.770 ms
 3  195.190.228.154  13.081 ms  12.432 ms  12.296 ms
 4  * * *
 5  * * *
 6  129.250.2.232  23.361 ms 129.250.2.162  13.557 ms 84.116.135.33  6.211 ms
 7  84.116.135.34  6.304 ms  14.033 ms 129.250.7.87  8.873 ms
 8  130.117.14.1  8.922 ms  8.892 ms  9.014 ms
 9  62.115.120.228  13.059 ms 130.117.0.122  16.610 ms  16.150 ms
10  130.117.0.2  15.953 ms  15.913 ms  26.858 ms
11  62.115.38.13  15.538 ms  15.653 ms  15.472 ms
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

And below one?

pi@ph5b:~ $ nc -vz 185.22.45.49 53
Connection to 185.22.45.49 53 port [tcp/domain] succeeded!

[Screenshot: Bildschirmfoto vom 2022-04-05 15-06-54]

Looks like something is blocking DNS traffic (53 UDP/TCP) upstream to that 185.22.45.49 IP.
Could ask your ISP for assistance.

EDIT: FYI:

pi@ph5b:~ $ whois 185.22.45.49
[..]
inetnum:        185.22.45.0 - 185.22.45.255
netname:        InfrastructureDGW
country:        DE
admin-c:        DGNO-RIPE
tech-c:         DGNO-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-DGNO
created:        2021-11-17T13:26:08Z
last-modified:  2021-11-17T13:26:08Z
source:         RIPE

role:           DGNO Role account
address:        Ostlandstrasse 5 Borken
admin-c:        MG3031-RIPE
admin-c:        TB10602-RIPE
tech-c:         MG3031-RIPE
tech-c:         TB10602-RIPE
nic-hdl:        DGNO-RIPE
mnt-by:         MNT-DGNO
abuse-mailbox:  abuse@deutsche-glasfaser.de
created:        2013-03-22T12:16:03Z
last-modified:  2021-11-16T14:30:53Z
source:         RIPE # Filtered

% Information related to '185.22.45.0/24AS60294'

route:          185.22.45.0/24
descr:          DG-W Network
origin:         AS60294
mnt-by:         MNT-DGNO
created:        2016-01-21T11:16:47Z
last-modified:  2016-01-21T11:16:47Z
source:         RIPE
[..]

Just as deHakkelaar, I have no problems resolving deutsche-glasfaser.de through that IPv4.

185.22.45.49 is the IPv4 of one of Deutsche-Glasfaser's DNS servers, dnsauth002.dg-w.de (another is dnsauth001.dg-w.de).

~$ nslookup dnsauth002.dg-w.de
Server:         192.168.178.28
Address:        192.168.178.28#53

Non-authoritative answer:
Name:   dnsauth002.dg-w.de
Address: 185.22.45.49
Name:   dnsauth002.dg-w.de
Address: 2a00:6020:200::2

What does above nslookup return for you?

As that server IP is answering DNS requests from certain networks (as deHakkelaar's, DL6ER's and mine), it would seem that either your ISP blocks access to 185.22.45.49, or that DNS server is rejecting requests originating from your ISP's network IPv4 address range.

The latter would definitely be a misconfiguration of Deutsche-Glasfaser's DNS resolution chain: 185.22.45.49 shouldn't be provided as authoritative DNS server if it cannot properly handle DNS requests.

If your network would have public IPv6 connectivity, could you try to resolve through dnsauth002.dg-w.de's IPv6 address (maybe their IPv6 server is configured correctly):

dig +norecurse @2a00:6020:200::2 deutsche-glasfaser.de.

It returns:

[Screenshot: Bildschirmfoto vom 2022-04-05 16-42-01]

I forgot to mention that Deutsche Glasfaser is my ISP. Could this be related to DNS requests being blocked within their own network?

Maybe. Not for all requests, though - it seems only DNS requests to their own authoritative DNS servers are not working.

Could you also try the dig to their IPv6?

I activated IPv6 support in my router and now it works:

[Screenshot: Bildschirmfoto vom 2022-04-05 20-09-52]

Thank you all for your support!

Nice.
Unbound, like most all software, prefers IPv6 over IPv4.
It still means something is wrong upstream for the IPv4 part though :wink:
