ULA is recursively not resolved


#1

Hi

first of all: a big thank you for this fantastic piece of software.

Second: It seems as if pihole is blocking reverse lookups on ULA addresses and marks them as bogus.
I have a pihole internaly with an unbound as upstream server with qname minimization. The router is a FritzBox and this is set for conditional forwarding of ‘fritz.box’ and the internal IPv4 network. This works well. But in the dashboard I have a number of ULA IPv6 reverse lookups and all are marked BOGUS.

I did a dig directly against the FritzBox and the result (name) was correct. I also tried it directly against the unbound at the NXDOMAIN result is also correct. But when I query against the pi-hole, I get a BOGUS result. I don’t get it againt the unbound, which also checks DNSSEC.

Ain’t it the case that, as there is no field to define it, the local ULA and there reverse lookups are not forwarded to the FritzBox with conditional forwarding? Is this only for IPv4?

Kind regards

Stefan


#2

How should we implement this as a feature request?


#3

The feature would be to include IPv6 into conditional forwarding. That’s what seems to be missing.


#4

Do you have also DNSSEC enabled in Pi-hole? If so, try again with with it disabled in Pi-hole. Unbound does check DNSSEC.


#5

Hi
thanks for the answer. I just don’t want to disable the DNSSEC. Also, I’m not sure if this is the problem. For me it seems as if the conditional forwarding is only used for IPv4 reverse lookups, not for IPv6. I have a number of digs attached…

The 192.168.40.1 is the FritzBox
The 192.168.40.2 (127.0.0.1) is the Pi-Hole (53) and unbound (on 5353)

As you can see,

the A, AAAA and PTR (IPv4) are answered correctly: pi-hole -> FritzBox
the PTR (IPv6) seems not to be forwarded to the FritzBox, but instead to the unbound (and fails)

I’d like to have the conditional forwarding for IPv6 local addresses (ULA) as well.


#7

pi@pi-hole:~ $ dig @192.168.40.2 -p 53 pi-nc1.fritz.box

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.2 -p 53 pi-nc1.fritz.box
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;pi-nc1.fritz.box. IN A

;; ANSWER SECTION:
pi-nc1.fritz.box. 9 IN A 192.168.40.62

;; AUTHORITY SECTION:
pi-nc1.fritz.box. 9 IN NS fritz.box.

;; ADDITIONAL SECTION:
fritz.box. 9 IN A 192.168.40.1
fritz.box. 9 IN AAAA fd40::e228:6dff:fe65:3e03

;; Query time: 1 msec
;; SERVER: 192.168.40.2#53(192.168.40.2)
;; WHEN: Tue Feb 26 19:10:58 UTC 2019
;; MSG SIZE rcvd: 108

pi@pi-hole:~ $ dig @192.168.40.2 -p 5353 pi-nc1.fritz.box

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.2 -p 5353 pi-nc1.fritz.box
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

pi@pi-hole:~ $ dig @127.0.0.1 -p 5353 pi-nc1.fritz.box

; <<>> DiG 9.10.3-P4-Raspbian <<>> @127.0.0.1 -p 5353 pi-nc1.fritz.box
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9483
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;pi-nc1.fritz.box. IN A

;; AUTHORITY SECTION:
box. 900 IN SOA a.nic.box. support.ariservices.com. 1494208759 1800 300 1814400 1800

;; Query time: 96 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Tue Feb 26 19:22:06 UTC 2019
;; MSG SIZE rcvd: 110

pi@pi-hole:~ $ dig @192.168.40.1 -p 53 pi-nc1.fritz.box

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.1 -p 53 pi-nc1.fritz.box
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59831
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;pi-nc1.fritz.box. IN A

;; ANSWER SECTION:
pi-nc1.fritz.box. 9 IN A 192.168.40.62

;; AUTHORITY SECTION:
pi-nc1.fritz.box. 9 IN NS fritz.box.

;; ADDITIONAL SECTION:
fritz.box. 9 IN A 192.168.40.1
fritz.box. 9 IN AAAA fd40::e228:6dff:fe65:3e03

;; Query time: 1 msec
;; SERVER: 192.168.40.1#53(192.168.40.1)
;; WHEN: Tue Feb 26 19:12:08 UTC 2019
;; MSG SIZE rcvd: 108

pi@pi-hole:~ $ dig @192.168.40.2 -p 53 pi-nc1.fritz.box AAAA

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.2 -p 53 pi-nc1.fritz.box AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25287
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;pi-nc1.fritz.box. IN AAAA

;; ANSWER SECTION:
pi-nc1.fritz.box. 9 IN AAAA fd40::ba27:ebff:fec8:6aec

;; AUTHORITY SECTION:
pi-nc1.fritz.box. 9 IN NS fritz.box.

;; ADDITIONAL SECTION:
fritz.box. 9 IN A 192.168.40.1
fritz.box. 9 IN AAAA fd40::e228:6dff:fe65:3e03

;; Query time: 1 msec
;; SERVER: 192.168.40.2#53(192.168.40.2)
;; WHEN: Tue Feb 26 19:24:56 UTC 2019
;; MSG SIZE rcvd: 120

pi@pi-hole:~ $ dig @127.0.0.1 -p 5353 pi-nc1.fritz.box AAAA

; <<>> DiG 9.10.3-P4-Raspbian <<>> @127.0.0.1 -p 5353 pi-nc1.fritz.box AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21140
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;pi-nc1.fritz.box. IN AAAA

;; AUTHORITY SECTION:
box. 661 IN SOA a.nic.box. support.ariservices.com. 1494208759 1800 300 1814400 1800

;; Query time: 31 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Tue Feb 26 19:26:05 UTC 2019
;; MSG SIZE rcvd: 110

pi@pi-hole:~ $ dig @192.168.40.1 -p 53 pi-nc1.fritz.box AAAA

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.1 -p 53 pi-nc1.fritz.box AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4660
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;pi-nc1.fritz.box. IN AAAA

;; ANSWER SECTION:
pi-nc1.fritz.box. 9 IN AAAA fd40::ba27:ebff:fec8:6aec

;; AUTHORITY SECTION:
pi-nc1.fritz.box. 9 IN NS fritz.box.

;; ADDITIONAL SECTION:
fritz.box. 9 IN A 192.168.40.1
fritz.box. 9 IN AAAA fd40::e228:6dff:fe65:3e03

;; Query time: 1 msec
;; SERVER: 192.168.40.1#53(192.168.40.1)
;; WHEN: Tue Feb 26 19:25:38 UTC 2019
;; MSG SIZE rcvd: 120

pi@pi-hole:~ $ dig @192.168.40.2 -p 53 -x 192.168.40.62

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.2 -p 53 -x 192.168.40.62
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41180
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;62.40.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
62.40.168.192.in-addr.arpa. 9 IN PTR pi-nc1.fritz.box.

;; AUTHORITY SECTION:
62.40.168.192.in-addr.arpa. 9 IN NS fritz.box.

;; ADDITIONAL SECTION:
fritz.box. 9 IN A 192.168.40.1
fritz.box. 9 IN AAAA fd40::e228:6dff:fe65:3e03

;; Query time: 10 msec
;; SERVER: 192.168.40.2#53(192.168.40.2)
;; WHEN: Tue Feb 26 19:15:58 UTC 2019
;; MSG SIZE rcvd: 132

pi@pi-hole:~ $ dig @192.168.40.2 -p 5353 -x 192.168.40.62

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.2 -p 5353 -x 192.168.40.62
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

pi@pi-hole:~ $ dig @127.0.0.1 -p 5353 -x 192.168.40.62

; <<>> DiG 9.10.3-P4-Raspbian <<>> @127.0.0.1 -p 5353 -x 192.168.40.62
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49342
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;62.40.168.192.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
168.192.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Tue Feb 26 19:22:49 UTC 2019
;; MSG SIZE rcvd: 114

pi@pi-hole:~ $ dig @192.168.40.1 -p 53 -x 192.168.40.62

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.1 -p 53 -x 192.168.40.62
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9240
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;62.40.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
62.40.168.192.in-addr.arpa. 9 IN PTR pi-nc1.fritz.box.

;; AUTHORITY SECTION:
62.40.168.192.in-addr.arpa. 9 IN NS fritz.box.

;; ADDITIONAL SECTION:
fritz.box. 9 IN A 192.168.40.1
fritz.box. 9 IN AAAA fd40::e228:6dff:fe65:3e03

;; Query time: 1 msec
;; SERVER: 192.168.40.1#53(192.168.40.1)
;; WHEN: Tue Feb 26 19:16:46 UTC 2019
;; MSG SIZE rcvd: 132

pi@pi-hole:~ $ dig @192.168.40.2 -p 53 -x fd40::ba27:ebff:fec8:6aec

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.2 -p 53 -x fd40::ba27:ebff:fec8:6aec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48544
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;c.e.a.6.8.c.e.f.f.f.b.e.7.2.a.b.0.0.0.0.0.0.0.0.0.0.0.0.0.4.d.f.ip6.arpa. IN PTR

;; Query time: 10 msec
;; SERVER: 192.168.40.2#53(192.168.40.2)
;; WHEN: Tue Feb 26 19:19:07 UTC 2019
;; MSG SIZE rcvd: 101

pi@pi-hole:~ $ dig @192.168.40.2 -p 5353 -x fd40::ba27:ebff:fec8:6aec

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.2 -p 5353 -x fd40::ba27:ebff:fec8:6aec
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

pi@pi-hole:~ $ dig @127.0.0.1 -p 5353 -x fd40::ba27:ebff:fec8:6aec

; <<>> DiG 9.10.3-P4-Raspbian <<>> @127.0.0.1 -p 5353 -x fd40::ba27:ebff:fec8:6aec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2582
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;c.e.a.6.8.c.e.f.f.f.b.e.7.2.a.b.0.0.0.0.0.0.0.0.0.0.0.0.0.4.d.f.ip6.arpa. IN PTR

;; AUTHORITY SECTION:
d.f.ip6.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Tue Feb 26 19:20:48 UTC 2019
;; MSG SIZE rcvd: 160

pi@pi-hole:~ $ dig @192.168.40.1 -p 53 -x fd40::ba27:ebff:fec8:6aec

; <<>> DiG 9.10.3-P4-Raspbian <<>> @192.168.40.1 -p 53 -x fd40::ba27:ebff:fec8:6aec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37741
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;c.e.a.6.8.c.e.f.f.f.b.e.7.2.a.b.0.0.0.0.0.0.0.0.0.0.0.0.0.4.d.f.ip6.arpa. IN PTR

;; ANSWER SECTION:
c.e.a.6.8.c.e.f.f.f.b.e.7.2.a.b.0.0.0.0.0.0.0.0.0.0.0.0.0.4.d.f.ip6.arpa. 9 IN PTR pi-nc1.fritz.box.

;; AUTHORITY SECTION:
c.e.a.6.8.c.e.f.f.f.b.e.7.2.a.b.0.0.0.0.0.0.0.0.0.0.0.0.0.4.d.f.ip6.arpa. 9 IN NS fritz.box.

;; ADDITIONAL SECTION:
fritz.box. 9 IN A 192.168.40.1
fritz.box. 9 IN AAAA fd40::e228:6dff:fe65:3e03

;; Query time: 1 msec
;; SERVER: 192.168.40.1#53(192.168.40.1)
;; WHEN: Tue Feb 26 19:20:02 UTC 2019
;; MSG SIZE rcvd: 178