Trying to unblock api.met.no

deHakkelaar · November 14, 2024, 8:59pm

Blast, above one should be set to three
Check/reload etc.

FYI:

$ man unbound.conf
[..]
       verbosity: <number>
              The verbosity number, level 0 means no verbosity, only
              errors.  Level 1 gives operational information.  Level
              2  gives  detailed  operational  information including
              short information per  query.   Level  3  gives  query
              level  information,  output  per query.  Level 4 gives
              algorithm level  information.   Level  5  logs  client
              identification  for cache misses.  Default is level 1.
              The verbosity can also be increased from the  command‐
              line, see unbound(8).

PWD · November 14, 2024, 9:04pm

Sorry, I should've thought to turn it up. Apologies for wasting your time.

Here's the output, I'm going to edit it after I post it in order to fix the line breaks

sudo journalctl --no-hostname --full --follow --unit unbound.service

Nov 14 21:00:50 unbound[14494]: [14494:0] info: Verified that unsigned response is INSECURE                     

Nov 14 21:00:50 unbound[14494]: [14494:0] debug: subnetcache[module 0] operate: extstate:module_wait_module event:module_event_moddone

Nov 14 21:00:50 unbound[14494]: [14494:0] info: subnetcache operate: query forum.phun.org. A IN                 

Nov 14 21:00:50 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_wait_subquery event:module_event_pass

Nov 14 21:00:50 unbound[14494]: [14494:0] info: validator operate: query forum.phun.org. AAAA IN                

Nov 14 21:00:50 unbound[14494]: [14494:0] info: NSEC3s for the referral proved no DS.                           

Nov 14 21:00:50 unbound[14494]: [14494:0] info: Verified that unsigned response is INSECURE                     

Nov 14 21:00:50 unbound[14494]: [14494:0] debug: subnetcache[module 0] operate: extstate:module_wait_module event:module_event_moddone                                  

Nov 14 21:00:50 unbound[14494]: [14494:0] info: subnetcache operate: query forum.phun.org. AAAA IN              

Nov 14 21:00:50 unbound[14494]: [14494:0] debug: cache memory msg=68723 rrset=96289 infra=94316 val=69648 subnet=74504                                                  

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: subnetcache[module 0] operate: extstate:module_state_initial event:module_event_new                                    

Nov 14 21:01:04 unbound[14494]: [14494:0] info: subnetcache operate: query api.met.no. A IN                     

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass                                     

Nov 14 21:01:04 unbound[14494]: [14494:0] info: validator operate: query api.met.no. A IN                       

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass                                      

Nov 14 21:01:04 unbound[14494]: [14494:0] info: resolving api.met.no. A IN                                      

Nov 14 21:01:04 unbound[14494]: [14494:0] info: resolving (init part 2):  api.met.no. A IN                      

Nov 14 21:01:04 unbound[14494]: [14494:0] info: resolving (init part 3):  api.met.no. A IN

Nov 14 21:01:04 unbound[14494]: [14494:0] info: processQueryTargets: api.met.no. A IN

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: removing 2 labels                                              

Nov 14 21:01:04 unbound[14494]: [14494:0] info: sending query: no. A IN                                         

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: sending to target: <.> 192.203.230.10#53                       

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: cache memory msg=68723 rrset=96289 infra=94316 val=69648 subnet=74504                                                  

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply                                        

Nov 14 21:01:04 unbound[14494]: [14494:0] info: iterator operate: query api.met.no. A IN                        

Nov 14 21:01:04 unbound[14494]: [14494:0] info: response for api.met.no. A IN                                   

Nov 14 21:01:04 unbound[14494]: [14494:0] info: reply from <.> 192.203.230.10#53

Nov 14 21:01:04 unbound[14494]: [14494:0] info: query response was REFERRAL

Nov 14 21:01:04 unbound[14494]: [14494:0] info: processQueryTargets: api.met.no. A IN                           

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: removing 1 labels                                              

Nov 14 21:01:04 unbound[14494]: [14494:0] info: sending query: met.no. A IN                                     

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: sending to target: <no.> 194.146.106.6#53

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: cache memory msg=68723 rrset=99998 infra=94316 val=69648 subnet=74504                                                  

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply                                        

Nov 14 21:01:04 unbound[14494]: [14494:0] info: iterator operate: query api.met.no. A IN                        

Nov 14 21:01:04 unbound[14494]: [14494:0] info: response for api.met.no. A IN

Nov 14 21:01:04 unbound[14494]: [14494:0] info: reply from <no.> 194.146.106.6#53

Nov 14 21:01:04 unbound[14494]: [14494:0] info: query response was REFERRAL                                     

Nov 14 21:01:04 unbound[14494]: [14494:0] info: processQueryTargets: api.met.no. A IN                           

Nov 14 21:01:04 unbound[14494]: [14494:0] info: sending query: api.met.no. A IN                                 

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: sending to target: <met.no.> 157.249.81.151#53                 

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: cache memory msg=68723 rrset=102221 infra=94316 val=69648 subnet=74504                                                 

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply                                        

Nov 14 21:01:04 unbound[14494]: [14494:0] info: iterator operate: query api.met.no. A IN                        

Nov 14 21:01:04 unbound[14494]: [14494:0] info: sanitize: removing potential poison RRset: nac.no. A IN         

Nov 14 21:01:04 unbound[14494]: [14494:0] info: sanitize: removing potential poison RRset: nac.no. AAAA IN      

Nov 14 21:01:04 unbound[14494]: [14494:0] info: response for api.met.no. A IN                                   

Nov 14 21:01:04 unbound[14494]: [14494:0] info: reply from <met.no.> 157.249.81.151#53                          

Nov 14 21:01:04 unbound[14494]: [14494:0] info: query response was ANSWER                                       

Nov 14 21:01:04 unbound[14494]: [14494:0] info: finishing processing for api.met.no. A IN                       

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone                                    

Nov 14 21:01:04 unbound[14494]: [14494:0] info: validator operate: query api.met.no. A IN                       

Nov 14 21:01:04 unbound[14494]: [14494:0] info: validated DS no. DS IN

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: subnetcache[module 0] operate: extstate:module_state_initial event:module_event_pass                                   

Nov 14 21:01:04 unbound[14494]: [14494:0] info: subnetcache operate: query no. DNSKEY IN                        

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass

Nov 14 21:01:04 unbound[14494]: [14494:0] info: validator operate: query no. DNSKEY IN

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass                                      

Nov 14 21:01:04 unbound[14494]: [14494:0] info: resolving no. DNSKEY IN                                         

Nov 14 21:01:04 unbound[14494]: [14494:0] info: resolving (init part 2):  no. DNSKEY IN                         

Nov 14 21:01:04 unbound[14494]: [14494:0] info: resolving (init part 3):  no. DNSKEY IN                         

Nov 14 21:01:04 unbound[14494]: [14494:0] info: processQueryTargets: no. DNSKEY IN                              

Nov 14 21:01:04 unbound[14494]: [14494:0] info: sending query: no. DNSKEY IN                                    

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: sending to target: <no.> 193.75.4.22#53                        

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: cache memory msg=69047 rrset=103387 infra=94316 val=69648 subnet=74504

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply                                        

Nov 14 21:01:04 unbound[14494]: [14494:0] info: iterator operate: query no. DNSKEY IN                           

Nov 14 21:01:04 unbound[14494]: [14494:0] info: response for no. DNSKEY IN                                      

Nov 14 21:01:04 unbound[14494]: [14494:0] info: reply from <no.> 193.75.4.22#53                                 

Nov 14 21:01:04 unbound[14494]: [14494:0] info: query response was ANSWER                                       

Nov 14 21:01:04 unbound[14494]: [14494:0] info: finishing processing for no. DNSKEY IN                          

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone                                    

Nov 14 21:01:04 unbound[14494]: [14494:0] info: validator operate: query no. DNSKEY IN                          

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: subnetcache[module 0] operate: extstate:module_wait_module event:module_event_moddone                                  

Nov 14 21:01:04 unbound[14494]: [14494:0] info: subnetcache operate: query no. DNSKEY IN                        

Nov 14 21:01:04 unbound[14494]: [14494:0] info: validated DNSKEY no. DNSKEY IN                                  

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_wait_subquery event:module_event_pass                                     

Nov 14 21:01:04 unbound[14494]: [14494:0] info: validator operate: query api.met.no. A IN                       

Nov 14 21:01:04 unbound[14494]: [14494:0] info: validated DS met.no. DS IN                                      

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: subnetcache[module 0] operate: extstate:module_state_initial event:module_event_pass                                   

Nov 14 21:01:04 unbound[14494]: [14494:0] info: subnetcache operate: query met.no. DNSKEY IN                    

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass                                     

Nov 14 21:01:04 unbound[14494]: [14494:0] info: validator operate: query met.no. DNSKEY IN                      

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass                                      

Nov 14 21:01:04 unbound[14494]: [14494:0] info: resolving met.no. DNSKEY IN                                     

Nov 14 21:01:04 unbound[14494]: [14494:0] info: resolving (init part 2):  met.no. DNSKEY IN                     

Nov 14 21:01:04 unbound[14494]: [14494:0] info: resolving (init part 3):  met.no. DNSKEY IN                     

Nov 14 21:01:04 unbound[14494]: [14494:0] info: processQueryTargets: met.no. DNSKEY IN                          

Nov 14 21:01:04 unbound[14494]: [14494:0] info: sending query: met.no. DNSKEY IN                                

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: sending to target: <met.no.> 157.249.81.150#53                 

Nov 14 21:01:04 unbound[14494]: [14494:0] debug: cache memory msg=69291 rrset=103891 infra=94316 val=70192 subnet=74504

Nov 14 21:01:07 unbound[14494]: [14494:0] debug: tcp error for address 157.249.81.150 port 53                   

Nov 14 21:01:07 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply                                      

Nov 14 21:01:07 unbound[14494]: [14494:0] info: iterator operate: query met.no. DNSKEY IN                       

Nov 14 21:01:07 unbound[14494]: [14494:0] info: processQueryTargets: met.no. DNSKEY IN                          

Nov 14 21:01:07 unbound[14494]: [14494:0] info: sending query: met.no. DNSKEY IN                                

Nov 14 21:01:07 unbound[14494]: [14494:0] debug: sending to target: <met.no.> 158.38.0.181#53                   

Nov 14 21:01:07 unbound[14494]: [14494:0] debug: cache memory msg=69291 rrset=103891 infra=94316 val=70192 subnet=74504                                                 

Nov 14 21:01:09 unbound[14494]: [14494:0] debug: subnetcache[module 0] operate: extstate:module_state_initial event:module_event_new                                    

Nov 14 21:01:09 unbound[14494]: [14494:0] info: subnetcache operate: query api.met.no. A IN                     

Nov 14 21:01:09 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass                                     

Nov 14 21:01:09 unbound[14494]: [14494:0] info: validator operate: query api.met.no. A IN                       

Nov 14 21:01:09 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass                                      

Nov 14 21:01:09 unbound[14494]: [14494:0] info: resolving api.met.no. A IN                                      

Nov 14 21:01:09 unbound[14494]: [14494:0] info: finishing processing for api.met.no. A IN                       

Nov 14 21:01:09 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone                                    

Nov 14 21:01:09 unbound[14494]: [14494:0] info: validator operate: query api.met.no. A IN                       

Nov 14 21:01:09 unbound[14494]: [14494:0] info: validated DS met.no. DS IN

Nov 14 21:01:09 unbound[14494]: [14494:0] debug: cache memory msg=69291 rrset=103891 infra=94316 val=70192 subnet=74504                                                 

Nov 14 21:01:10 unbound[14494]: [14494:0] debug: tcp error for address 158.38.0.181 port 53                     

Nov 14 21:01:10 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply                                      

Nov 14 21:01:10 unbound[14494]: [14494:0] info: iterator operate: query met.no. DNSKEY IN

Nov 14 21:01:10 unbound[14494]: [14494:0] info: processQueryTargets: met.no. DNSKEY IN

Nov 14 21:01:10 unbound[14494]: [14494:0] info: sending query: met.no. DNSKEY IN                                

Nov 14 21:01:10 unbound[14494]: [14494:0] debug: sending to target: <met.no.> 157.249.81.150#53                 

Nov 14 21:01:10 unbound[14494]: [14494:0] debug: cache memory msg=69291 rrset=103891 infra=94316 val=70192 subnet=74504                                                 

Nov 14 21:01:13 unbound[14494]: [14494:0] debug: tcp error for address 157.249.81.150 port 53                   

Nov 14 21:01:13 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply                                      

Nov 14 21:01:13 unbound[14494]: [14494:0] info: iterator operate: query met.no. DNSKEY IN                       

Nov 14 21:01:13 unbound[14494]: [14494:0] info: processQueryTargets: met.no. DNSKEY IN                          

Nov 14 21:01:13 unbound[14494]: [14494:0] info: sending query: met.no. DNSKEY IN                                

Nov 14 21:01:13 unbound[14494]: [14494:0] debug: sending to target: <met.no.> 158.38.0.181#53

Nov 14 21:01:13 unbound[14494]: [14494:0] debug: cache memory msg=69291 rrset=103891 infra=94316 val=70192 subnet=74504                                                 

Nov 14 21:01:14 unbound[14494]: [14494:0] debug: subnetcache[module 0] operate: extstate:module_state_initial event:module_event_new                                    

Nov 14 21:01:14 unbound[14494]: [14494:0] info: subnetcache operate: query api.met.no. A IN

Nov 14 21:01:14 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass                                     

Nov 14 21:01:14 unbound[14494]: [14494:0] info: validator operate: query api.met.no. A IN                       

Nov 14 21:01:14 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass                                      

Nov 14 21:01:14 unbound[14494]: [14494:0] info: resolving api.met.no. A IN                                      

Nov 14 21:01:14 unbound[14494]: [14494:0] info: finishing processing for api.met.no. A IN

Nov 14 21:01:14 unbound[14494]: [14494:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone                                    

Nov 14 21:01:14 unbound[14494]: [14494:0] info: validator operate: query api.met.no. A IN                       

Nov 14 21:01:14 unbound[14494]: [14494:0] info: validated DS met.no. DS IN                                      

Nov 14 21:01:14 unbound[14494]: [14494:0] debug: cache memory msg=69291 rrset=103891 infra=94316 val=70192 subnet=74504                                                 

Nov 14 21:01:17 unbound[14494]: [14494:0] debug: tcp error for address 158.38.0.181 port 53                     

Nov 14 21:01:17 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply                                      

Nov 14 21:01:17 unbound[14494]: [14494:0] info: iterator operate: query met.no. DNSKEY IN                       

Nov 14 21:01:17 unbound[14494]: [14494:0] info: processQueryTargets: met.no. DNSKEY IN                          

Nov 14 21:01:17 unbound[14494]: [14494:0] info: sending query: met.no. DNSKEY IN                                

Nov 14 21:01:17 unbound[14494]: [14494:0] debug: sending to target: <met.no.> 157.249.81.151#53                 

Nov 14 21:01:17 unbound[14494]: [14494:0] debug: cache memory msg=69291 rrset=103891 infra=94316 val=70192 subnet=74504                                                 

Nov 14 21:01:20 unbound[14494]: [14494:0] debug: tcp error for address 157.249.81.151 port 53                   

Nov 14 21:01:20 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply                                      

Nov 14 21:01:20 unbound[14494]: [14494:0] info: iterator operate: query met.no. DNSKEY IN                       

Nov 14 21:01:20 unbound[14494]: [14494:0] info: processQueryTargets: met.no. DNSKEY IN                          

Nov 14 21:01:20 unbound[14494]: [14494:0] info: sending query: met.no. DNSKEY IN                                

Nov 14 21:01:20 unbound[14494]: [14494:0] debug: sending to target: <met.no.> 158.38.0.181#53                   

Nov 14 21:01:20 unbound[14494]: [14494:0] debug: cache memory msg=69291 rrset=103891 infra=94316 val=70192 subnet=74504                                                 

Nov 14 21:01:23 unbound[14494]: [14494:0] debug: tcp error for address 158.38.0.181 port 53                     

Nov 14 21:01:23 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply                                      

Nov 14 21:01:23 unbound[14494]: [14494:0] info: iterator operate: query met.no. DNSKEY IN                       

Nov 14 21:01:23 unbound[14494]: [14494:0] info: processQueryTargets: met.no. DNSKEY IN                          

Nov 14 21:01:23 unbound[14494]: [14494:0] info: sending query: met.no. DNSKEY IN                                

Nov 14 21:01:23 unbound[14494]: [14494:0] debug: sending to target: <met.no.> 128.39.2.22#53                    

Nov 14 21:01:23 unbound[14494]: [14494:0] debug: cache memory msg=69291 rrset=103891 infra=94316 val=70192 subnet=74504

Nov 14 21:01:26 unbound[14494]: [14494:0] debug: tcp error for address 128.39.2.22 port 53

Nov 14 21:01:26 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply                                      

Nov 14 21:01:26 unbound[14494]: [14494:0] info: iterator operate: query met.no. DNSKEY IN                       

Nov 14 21:01:26 unbound[14494]: [14494:0] info: processQueryTargets: met.no. DNSKEY IN                          

Nov 14 21:01:26 unbound[14494]: [14494:0] info: sending qu

deHakkelaar · November 14, 2024, 9:16pm

I found below:

Nov 14 21:01:04 unbound[14494:0] info: sending query: met.no. DNSKEY IN                              
Nov 14 21:01:04 unbound[14494]: [14494:0] debug: sending to target: <met.no.> 157.249.81.150#53                
Nov 14 21:01:04 unbound[14494]: [14494:0] debug: cache memory msg=69291 rrset=103891 infra=94316 val=70192 subnet=74504
Nov 14 21:01:07 unbound[14494]: [14494:0] debug: tcp error for address 157.249.81.150 port 53                   
Nov 14 21:01:07 unbound[14494]: [14494:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply

The equivalent dig command for above iteration is below:

$ dig +norecurse @157.249.81.150 met.no dnskey

; <<>> DiG 9.18.24-1-Debian <<>> +norecurse @157.249.81.150 met.no dnskey
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64687
;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2a14d06155e8e8e6010000006736676ae42150edb26bc3c1 (good)
;; QUESTION SECTION:
;met.no.                                IN      DNSKEY

;; ANSWER SECTION:
met.no.                 3600    IN      DNSKEY  256 3 10 AwEAAZo/oq955v/VWrPQy3a1jfoXmolgEDxMQuSEGv4WPmm+NMLwUgC9 BQ/NN8SuwfCtSKJCiDdXVew211dEBx3c4fu2QR1q6S8TNRov67I6dJUA 8nWRnYlq89LYM1qUxVtxV5LEbQCs/nlTYy1N9q+/k5a6VEhvJFioh8Ta o0Ja2CFqI/qVlwbkHpXc3LLX9hcNIxj4tXMXo2Fm/taXCjNJ3DHU/K3d A/l+2BVM8L8yUS22fLmE4DZeMD4oNKB2zJkUv8POahTEqcBcK68XgJWX G6tCNHJOojcWfCbtzqIZoMsBSzBLwHcryLY1VoGs/U1u2qzMAE/RHccZ Ei+OgQZUUSE=
met.no.                 3600    IN      DNSKEY  257 3 10 AwEAAdZH/cqoqATSjeo6nSxhuzGrUf2PElufB4/LESQKvAIsveAGV2lA kd+/Ib0U2awj1uE9zBwUatE0f92RD9IdGKbQ17TXBkfvol2BPGMTaFNB 90E6nXxoYm6xunWPOlgD43IavpwjSV27WRF2jdrvS27F7t/iiqqG9sKG cJY9KWpXRqimvxTK8OQUDUVcMPtpkJRX0zuVghRorlTjgq44SUBR/Vmp KLyT4RmpAKvlJ1PG8fzvPfNr0TAXsR2iUXIVIxiGis7UhhlbmbaLuoL6 neNGISERBkQrzTCTNMYLEflT2uZz9AEn7nZa+sgYCGnkkY2Ok2pICsW8 dGquBra1XdJcC7KXmLYnWxk3mw+2x/xLwPYbpfk3eD+5/RFbsjzsZ3dn Ro23cdzHz8VY7m2sm3MCyGgN/flgsnQH0tZhZvs4VqzpGZZqs56JXl6Y sHslOWymJ+ONDj7HcUWpSqtTM9AaRLRzrFqaK3GWd1wgU2Hx+7IQgr36 MQ7dzm/BgvgsfzdEfV9GVYzX4IsO1788w0qeUxahkC9WH/qaUyyCk0YO ZXI+oWY71SgjMVjJGoXntaIB8grlhvWqZDftNynTWwhkL4N7eSmXxSYh 1ek4FaE9VnHqyEhaU/SznE0138bAGjtKGadCdRtSlK4N2JRJA5Gt34eY 4WVgIR4kT0mcCgW1

;; Query time: 39 msec
;; SERVER: 157.249.81.150#53(157.249.81.150) (UDP)
;; WHEN: Thu Nov 14 22:11:06 CET 2024
;; MSG SIZE  rcvd: 871

Or below equivalent one that can be run on a Windows, MacOS or Linux client:

$ nslookup -type=dnskey met.no 157.249.81.150
;; Truncated, retrying in TCP mode.
Server:         157.249.81.150
Address:        157.249.81.150#53

met.no  rdata_48 = 257 3 10 AwEAAdZH/cqoqATSjeo6nSxhuzGrUf2PElufB4/LESQKvAIsveAGV2lA kd+/Ib0U2awj1uE9zBwUatE0f92RD9IdGKbQ17TXBkfvol2BPGMTaFNB 90E6nXxoYm6xunWPOlgD43IavpwjSV27WRF2jdrvS27F7t/iiqqG9sKG cJY9KWpXRqimvxTK8OQUDUVcMPtpkJRX0zuVghRorlTjgq44SUBR/Vmp KLyT4RmpAKvlJ1PG8fzvPfNr0TAXsR2iUXIVIxiGis7UhhlbmbaLuoL6 neNGISERBkQrzTCTNMYLEflT2uZz9AEn7nZa+sgYCGnkkY2Ok2pICsW8 dGquBra1XdJcC7KXmLYnWxk3mw+2x/xLwPYbpfk3eD+5/RFbsjzsZ3dn Ro23cdzHz8VY7m2sm3MCyGgN/flgsnQH0tZhZvs4VqzpGZZqs56JXl6Y sHslOWymJ+ONDj7HcUWpSqtTM9AaRLRzrFqaK3GWd1wgU2Hx+7IQgr36 MQ7dzm/BgvgsfzdEfV9GVYzX4IsO1788w0qeUxahkC9WH/qaUyyCk0YO ZXI+oWY71SgjMVjJGoXntaIB8grlhvWqZDftNynTWwhkL4N7eSmXxSYh 1ek4FaE9VnHqyEhaU/SznE0138bAGjtKGadCdRtSlK4N2JRJA5Gt34eY 4WVgIR4kT0mcCgW1
met.no  rdata_48 = 256 3 10 AwEAAZo/oq955v/VWrPQy3a1jfoXmolgEDxMQuSEGv4WPmm+NMLwUgC9 BQ/NN8SuwfCtSKJCiDdXVew211dEBx3c4fu2QR1q6S8TNRov67I6dJUA 8nWRnYlq89LYM1qUxVtxV5LEbQCs/nlTYy1N9q+/k5a6VEhvJFioh8Ta o0Ja2CFqI/qVlwbkHpXc3LLX9hcNIxj4tXMXo2Fm/taXCjNJ3DHU/K3d A/l+2BVM8L8yUS22fLmE4DZeMD4oNKB2zJkUv8POahTEqcBcK68XgJWX G6tCNHJOojcWfCbtzqIZoMsBSzBLwHcryLY1VoGs/U1u2qzMAE/RHccZ Ei+OgQZUUSE=

Do you get same response when run the dig on the Pi-hole host and the nslookup on a Windows/MacOS/Linux client?

EDIT: About module_event_noreply in the journal:

module_event_noreply :
no reply, timeout or other error

deHakkelaar · November 14, 2024, 9:21pm

Oh one more to test:

$ nc -vzw 5 157.249.81.150 53
Connection to 157.249.81.150 53 port [tcp/domain] succeeded!

EDIT: And FYI:

$ whois 157.249.81.150
[..]
inetnum:        157.249.0.0 - 157.249.255.255
netname:        DNMI-NET
descr:          Meteorologisk institutt, Oslo
country:        NO

It doesnt have a reverse name:

$ dig +short -x 157.249.81.150
$

PWD · November 14, 2024, 9:23pm

nc -vzw 5 157.249.81.150 53       
Connection to 157.249.81.150 53 port [tcp/domain] succeeded!

PWD · November 14, 2024, 9:25pm

I tried to run nslopkup on my Raspberry Pi and on my Android and it wouldn't run on either

deHakkelaar · November 14, 2024, 9:26pm

And below A record lookup instead of dnskey?

dig +norecurse +tcp @157.249.81.150 met.no a

PWD · November 14, 2024, 9:28pm

I'm going to be editing but here's the raw

dig +norecurse +tcp @157.249.81.150 met.no a                                                                                                      
; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> +norecurse +tcp @157.249.81.150 met.no a                               
; (1 server found)                                      
;; global options: +cmd

;; Got answer:                                          
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37877                                                       
;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 5                                                                                                    
;; OPT PSEUDOSECTION:                                   
; EDNS: version: 0, flags:; udp: 1232                   
; COOKIE: 8d5a08f8977127c60100000067366b4f759f273d54d8870e (good)

;; QUESTION SECTION:                                    
;met.no.                                IN      A
                                                        
;; ANSWER SECTION:                                      met.no.                 3600    IN      A       157.249.120.35                                                  met.no.                 3600    IN      A       157.249.121.84                                                                                                          
;; AUTHORITY SECTION:
met.no.                 3600    IN      NS      nn.uninett.no.
met.no.                 3600    IN      NS      dns-a.met.no.                                                   met.no.                 3600    IN      NS      nac.no. met.no.                 3600    IN      NS      dns-b.met.no.                                                                                                           ;; ADDITIONAL SECTION:                                  nac.no.                 80575   IN      A       128.39.2.22                                                     dns-a.met.no.           3600    IN      A       157.249.81.150                                                  dns-b.met.no.           3600    IN      A       157.249.81.151                                                  nac.no.                 80575   IN      AAAA    2001:700:0:102::aa53                                                                                                    
;; Query time: 51 msec                                  

;; SERVER: 157.249.81.150#53(157.249.81.150) (TCP)

;; WHEN: Thu Nov 14 21:27:43 GMT 2024                   
;; MSG SIZE  rcvd: 256

deHakkelaar · November 14, 2024, 9:29pm

No need!
Looks good.
Hold on?

deHakkelaar · November 14, 2024, 9:41pm

Forgot one, what does below do (via UDP only instead of TCP)?

dig +norecurse +notcp @157.249.81.150 met.no a

PWD · November 14, 2024, 9:43pm

dig +norecurse +notcp @157.249.81.150 met.no a                                                                                                    
; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> +norecurse +notcp @157.249.81.150 met.no a                             
; (1 server found)                                      
;; global options: +cmd
;; Got answer:                                          
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42577                                                       ;; flags: qr aa ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 5                                                                                                    ;; OPT PSEUDOSECTION:                                   
; EDNS: version: 0, flags:; udp: 1232                   
; COOKIE: aa2a7f47fef770570100000067366ee4f497f19589697bcb (good)
;; QUESTION SECTION:                                    ;met.no.                                IN      A                                                               ;; ANSWER SECTION:                                      met.no.                 3600    IN      A       157.249.120.35                                                  met.no.                 3600    IN      A       157.249.121.84                                                                                                          ;; AUTHORITY SECTION:                                   met.no.                 3600    IN      NS      nn.uninett.no.                                                  met.no.                 3600    IN      NS      dns-a.met.no.                                                   met.no.                 3600    IN      NS      nac.no. met.no.                 3600    IN      NS      dns-b.met.no.                                                                                                           ;; ADDITIONAL SECTION:                                  nac.no.                 79658   IN      A       128.39.2.22                                                     dns-a.met.no.           3600    IN      A       157.249.81.150                                                  dns-b.met.no.           3600    IN      A       157.249.81.151                                                  nac.no.                 79658   IN      AAAA    2001:700:0:102::aa53                                                                                                    ;; Query time: 43 msec                                  
;; SERVER: 157.249.81.150#53(157.249.81.150) (UDP)      ;; WHEN: Thu Nov 14 21:43:00 GMT 2024                   ;; MSG SIZE  rcvd: 256

deHakkelaar · November 14, 2024, 9:45pm

And do you have a Windows, MacOS or Linux client on which you can run below on?

deHakkelaar:

Or below equivalent one that can be run on a Windows, MacOS or Linux client:

$ nslookup -type=dnskey met.no 157.249.81.150
;; Truncated, retrying in TCP mode.
Server:         157.249.81.150
Address:        157.249.81.150#53

met.no  rdata_48 = 257 3 10 AwEAAdZH/cqoqATSjeo6nSxhuzGrUf2PElufB4/LESQKvAIsveAGV2lA kd+/Ib0U2awj1uE9zBwUatE0f92RD9IdGKbQ17TXBkfvol2BPGMTaFNB 90E6nXxoYm6xunWPOlgD43IavpwjSV27WRF2jdrvS27F7t/iiqqG9sKG cJY9KWpXRqimvxTK8OQUDUVcMPtpkJRX0zuVghRorlTjgq44SUBR/Vmp KLyT4RmpAKvlJ1PG8fzvPfNr0TAXsR2iUXIVIxiGis7UhhlbmbaLuoL6 neNGISERBkQrzTCTNMYLEflT2uZz9AEn7nZa+sgYCGnkkY2Ok2pICsW8 dGquBra1XdJcC7KXmLYnWxk3mw+2x/xLwPYbpfk3eD+5/RFbsjzsZ3dn Ro23cdzHz8VY7m2sm3MCyGgN/flgsnQH0tZhZvs4VqzpGZZqs56JXl6Y sHslOWymJ+ONDj7HcUWpSqtTM9AaRLRzrFqaK3GWd1wgU2Hx+7IQgr36 MQ7dzm/BgvgsfzdEfV9GVYzX4IsO1788w0qeUxahkC9WH/qaUyyCk0YO ZXI+oWY71SgjMVjJGoXntaIB8grlhvWqZDftNynTWwhkL4N7eSmXxSYh 1ek4FaE9VnHqyEhaU/SznE0138bAGjtKGadCdRtSlK4N2JRJA5Gt34eY 4WVgIR4kT0mcCgW1
met.no  rdata_48 = 256 3 10 AwEAAZo/oq955v/VWrPQy3a1jfoXmolgEDxMQuSEGv4W

PWD · November 14, 2024, 9:47pm

Only my other Pi, which is a Pi 5. But it refuses to run on there. Even sudo apt install nslookup doesn't work

deHakkelaar · November 14, 2024, 10:11pm

Ok, just wanted to check if its de Pi-hole host itself or something in the net bugging you.
But it looks more network related.
Specifically payload size (in bytes below).

Below via UDP without any TCP involvement:

$ dig +norecurse @157.249.81.150 met.no dnskey
[..]
;; SERVER: 157.249.81.150#53(157.249.81.150) (UDP)
;; MSG SIZE  rcvd: 871

Normally, this particular query doesnt need to be queried again via TCP bc the size (871 bytes) is relatively small and should easily fit in a single UDP packet reply ... under normal circumstances.
With below you proved that UDP is possible just as long as the reply is small in size (256 bytes):

PWD:

dig +norecurse +notcp @157.249.81.150 met.no a                                                                                                    
[..]                         
;; SERVER: 157.249.81.150#53(157.249.81.150) (UDP)   
;; MSG SIZE  rcvd: 256

So it appears something is bugging/limiting UDP packet size upstream towards that 157.249.81.150 IP.
And maybe also causing issues when Unbound tries to fall back to TCP when via UDP is failing.
Which also seems to fail when there is a relatively larger dnskey reply.
I cant think of any solution at the moment other than contacting your ISP to investigate the network path provided by them.

But before you contact your ISP, make sure you double check with that nslookup (or dig) on another system.
Also make sure no router settings can hinder this DNS traffic like for example redirecting DNS etc (DNS filter) or some security related settings.

PWD · November 14, 2024, 10:22pm

Thank you for all the time and effort you've put into helping me deHakkelaar jfb and Bucking_Horn I am truly incredibly grateful. Your persistence and kindness has gone above and beyond and for that, I thank you all from the bottom of my heart. Thank you!

deHakkelaar · November 14, 2024, 10:25pm

You still have below that seemed to work:

EDIT: Oh and dont forget to lower verbosity to zero when done diagnosing!
It uses extra disk space and Pi-hole is already loging client queries.

deHakkelaar · November 16, 2024, 1:44am

Oh I almost forgot but there is also another option that still allows DNSSEC validation but by Pi-hole itself instead of Unbound.
It involves filtering out any met.no queries and not forwarding them to Unbound upstream but to another DNS server supplied by you.
For that you have to create below new config file:

$ sudo nano /etc/dnsmasq.d/99-my-settings.conf
# Forward 'met.no' queries to Google
server=/met.no/8.8.8.8
server=/met.no/8.8.4.4

Save/exit and check syntax:

$ pihole-FTL --test
dnsmasq: syntax check OK.

Restart to apply:

$ pihole restartdns
  [✓] Restarting DNS server

If I now tail/follow the Pi-hole logs live with below:

pihole -t

And query Pi-hole with that troubled domain in another shell session:

$ dig @localhost api.met.no

; <<>> DiG 9.16.48-Raspbian <<>> @localhost api.met.no
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55504
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;api.met.no.                    IN      A

;; ANSWER SECTION:
api.met.no.             27      IN      A       157.249.81.141

;; Query time: 29 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Nov 16 02:27:32 CET 2024
;; MSG SIZE  rcvd: 55

I can see in the logs that the query is being forwarded to Google 8.8.8.8 instead of to Unbound 127.0.0.1#5335:

$ pihole -t
[..]
02:27:32: query[A] api.met.no from ::1
02:27:32: forwarded api.met.no to 8.8.8.8
02:27:32: reply api.met.no is 157.249.81.141

You can oc configure any other DNS servers instead of Google's.
Like for example your ISP DNS servers.

EDIT:

$ delv +rtrace @localhost api.met.no.
;; fetch: api.met.no/A
;; fetch: met.no/DNSKEY
;; fetch: met.no/DS
;; fetch: no/DNSKEY
;; fetch: no/DS
;; fetch: ./DNSKEY
; fully validated
api.met.no.             2       IN      A       157.249.81.141
api.met.no.             2       IN      RRSIG   A 10 3 300 20241215230004 20241115230004 488 met.no. TgFZspH4PWzwQCgm2BwsMcXVUQLYN+27zRUWml4/h/8PeAKWWAKsT/QE mYd83CgGDO185O3ijMo1IBvsi2dQf5u1aiF3GdP4+E+L2jxa1/TaFKmS BAsnGOHMSokYWxbSBLVAsvK5bTrCoP8MMI0DgnSx0NDBjYsG0HEOMK3/ RG/bLorWAnrd65NUmzEq4LyrDFo94DJSmQQdglcuJU/ViSG0eZOhZs8u hxrq9iZb0zJqwktD3VzHBOVRN7LI56PC4QIeWfSqlaYOMOiE6rOARfYf gj5v3VVHg4OYn/3AvfgHMu0TJ2+REave12EV82+hWsKf8DqmS92inY+e sTzATw==

PWD · November 16, 2024, 9:38pm

OMG, I love you so much. Thank you. I got the email about this this morning and didn't wanna check in case it didn't work, but I finally just tried and it fixed it. Thank you so so much!

system · December 7, 2024, 9:39pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.