Some sites cant be reached with unbound upstream

Expected behavior would be managing to resolve the site, like:

image657×365 36.8 KB

Actual behavior is like this:

image483×101 25.9 KB

Im using pi zero 2w with the latest 64bit official lite os.
I followed the documentation while installing both unbound and pi hole

It is similiar to this thread:

However the solution of

sudo systemctl start systemd-resolved
sudo systemctl enable systemd-resolved
systemd-resolve --status

Didn't seems to help (I guess I missed somthing)
Thanks in advance

Debug Token:

_[https://tricorder.pi-hole.net/PshE6nsc/]_l

Which ISP are you using? "Partner"? Because I use them and that's the problem I'm facing as well.

Nope, its Cellcom
I doubt its ISP related.

I'm thinking of one of 2 possibilities

1. Misconfiguration on our part might be even the pi itself and not necessarily unbound as the same happen to me when I tried PowerDNS.
2. Something with these sites specifically, however I've seen on your thread that others managed to resolve them so I don't know...

Also, on your thread you said you have an Asus router correct? so I assume you have another router which is the ISP one and the Asus one connected to it? I have a similar setup (but with xiaomi router) Maybe its related?

If you connect your PC directly to your ISP's fiber converter (bypass your router and bypass your Pi), then launch CMD and type:
nslookup -type=a ns3.bezeqint.net. 212.179.7.7
What do you get?

I dont have a fiber converter, its built in to the ISPs router.
I tried to check from it anyway (bypassing the pi hole and my regular router)
Here:

Screenshot_20240112_222401570×284 178 KB

Unbound log would be useful to know what happen there as everything seems to work when using 8.8.8.8 instead of pihole, which rely on Unbound.

No problem with this site.
n12.co.il is reachable w. Pihole/Unbound setup.

That's exactly what I'm getting and this is why you have issues with sites when you're using Unbound.
Any site that has in its route Bezeq's name server, will fail when using recursive DNS.

If you switch to 8.8.8.8 (iterative DNS) you won't have issues reaching sites that have Bezeq name servers in their route.

@Yahavsh this issue only happened to me since I moved to a different city (northern part of Israel). I don't know if it's a geographical issue, but you just helped me to verify that there's an issue with using recursive DNS and Bezeq name servers.

pi@ph5b:~ $ sudo unbound-control lookup n12.co.il
The following name servers are used for lookup of n12.co.il.
;rrset 86395 3 0 2 0
n12.co.il.      86395   IN      NS      ns1.bezeqint.net.
n12.co.il.      86395   IN      NS      ns2.bezeqint.net.
n12.co.il.      86395   IN      NS      ns3.bezeqint.net.
;rrset 55 1 0 8 0
ns3.bezeqint.net.       55      IN      A       192.115.132.132
;rrset 86395 1 0 1 0
ns3.bezeqint.net.       86395   IN      AAAA    2001:4cd0::10:0:0:132
;rrset 55 1 0 8 0
ns2.bezeqint.net.       55      IN      A       212.179.7.7
;rrset 86395 1 0 1 0
ns2.bezeqint.net.       86395   IN      AAAA    2001:4cd0::11:0:0:7
;rrset 55 1 0 8 0
ns1.bezeqint.net.       55      IN      A       62.219.128.128
;rrset 86395 1 0 1 0
ns1.bezeqint.net.       86395   IN      AAAA    2001:4cd0::31:0:0:128
Delegation with 3 names, of which 0 can be examined to query further addresses.
It provides 6 IP addresses.
2001:4cd0::31:0:0:128   not in infra cache.
62.219.128.128          not in infra cache.
2001:4cd0::11:0:0:7     not in infra cache.
212.179.7.7             not in infra cache.
2001:4cd0::10:0:0:132   not in infra cache.
192.115.132.132         rto 401 msec, ttl 895, ping 13 var 97 rtt 401, tA 0, tAAAA 0, tother 0, EDNS 0 probed.

I assume this is only when checking it from Israel with Israeli ISP.
When I tried it on my friends PC who lives in a different region, it works.

Did you ask your ISP whats going on?

Yes, they have no clue what's the issue.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.