Trying to unblock api.met.no

deHakkelaar · November 16, 2024, 1:44am

Oh I almost forgot but there is also another option that still allows DNSSEC validation but by Pi-hole itself instead of Unbound.
It involves filtering out any met.no queries and not forwarding them to Unbound upstream but to another DNS server supplied by you.
For that you have to create below new config file:

$ sudo nano /etc/dnsmasq.d/99-my-settings.conf
# Forward 'met.no' queries to Google
server=/met.no/8.8.8.8
server=/met.no/8.8.4.4

Save/exit and check syntax:

$ pihole-FTL --test
dnsmasq: syntax check OK.

Restart to apply:

$ pihole restartdns
  [✓] Restarting DNS server

If I now tail/follow the Pi-hole logs live with below:

pihole -t

And query Pi-hole with that troubled domain in another shell session:

$ dig @localhost api.met.no

; <<>> DiG 9.16.48-Raspbian <<>> @localhost api.met.no
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55504
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;api.met.no.                    IN      A

;; ANSWER SECTION:
api.met.no.             27      IN      A       157.249.81.141

;; Query time: 29 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Nov 16 02:27:32 CET 2024
;; MSG SIZE  rcvd: 55

I can see in the logs that the query is being forwarded to Google 8.8.8.8 instead of to Unbound 127.0.0.1#5335:

$ pihole -t
[..]
02:27:32: query[A] api.met.no from ::1
02:27:32: forwarded api.met.no to 8.8.8.8
02:27:32: reply api.met.no is 157.249.81.141

You can oc configure any other DNS servers instead of Google's.
Like for example your ISP DNS servers.

EDIT:

$ delv +rtrace @localhost api.met.no.
;; fetch: api.met.no/A
;; fetch: met.no/DNSKEY
;; fetch: met.no/DS
;; fetch: no/DNSKEY
;; fetch: no/DS
;; fetch: ./DNSKEY
; fully validated
api.met.no.             2       IN      A       157.249.81.141
api.met.no.             2       IN      RRSIG   A 10 3 300 20241215230004 20241115230004 488 met.no. TgFZspH4PWzwQCgm2BwsMcXVUQLYN+27zRUWml4/h/8PeAKWWAKsT/QE mYd83CgGDO185O3ijMo1IBvsi2dQf5u1aiF3GdP4+E+L2jxa1/TaFKmS BAsnGOHMSokYWxbSBLVAsvK5bTrCoP8MMI0DgnSx0NDBjYsG0HEOMK3/ RG/bLorWAnrd65NUmzEq4LyrDFo94DJSmQQdglcuJU/ViSG0eZOhZs8u hxrq9iZb0zJqwktD3VzHBOVRN7LI56PC4QIeWfSqlaYOMOiE6rOARfYf gj5v3VVHg4OYn/3AvfgHMu0TJ2+REave12EV82+hWsKf8DqmS92inY+e sTzATw==