Expected Behaviour:
When using Pi-hole and unbound, using the default configuration in the documentation, I should be able to access common domains like facebook.com, hub.docker.com, community.unifi.com
Actual Behaviour:
When trying to access certain domains, such as hub.docker.com, facebook.com, I am just getting a DNS_PROBE_FINISHED_NXDOMAIN error in the browser, and am unable to load the site. Sometimes the error is inconsistent, like I can load facebook.com for a few minutes, but not scontent.fbhx4-1.fna.fbcdn.net. It also has been working inconsistently across multiple drives and browsers, but the majority of the time it doesn't work at all.
|Time|Type|Domain|Client|Status|Reply|Action|
|---|---|---|---|---|---|---|
|2024-03-23 00:23:41|PTR|1.0.28.172.in-addr.arpa|localhost|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:23:41|PTR|1.0.28.172.in-addr.arpa|172.28.0.1|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:23:45|PTR|1.0.28.172.in-addr.arpa|172.28.0.1|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:24:34|PTR|181.2.44.10.in-addr.arpa|localhost|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:24:34|PTR|181.2.44.10.in-addr.arpa|172.28.0.1|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:24:38|PTR|181.2.44.10.in-addr.arpa|172.28.0.1|OK (cache)|NXDOMAIN (0.1ms)||
|2024-03-23 00:23:32|PTR|2.2.44.10.in-addr.arpa|localhost|OK (cache)|NXDOMAIN (0.9ms)||
|2024-03-23 00:23:32|PTR|2.2.44.10.in-addr.arpa|172.28.0.1|OK (cache)|NXDOMAIN (0.9ms)||
|2024-03-23 00:23:36|PTR|2.2.44.10.in-addr.arpa|172.28.0.1|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:24:51|A|ajax.googleapis.com|10.44.2.2|OK (answered by localhost#5335)|IP (10.4ms)||
|2024-03-23 00:24:51|HTTPS|ajax.googleapis.com|10.44.2.2|OK (answered by localhost#5335)|NODATA (20.8ms)||
|2024-03-23 00:24:03|A|ams03pap002.storage.live.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (0.4ms)||
|2024-03-23 00:25:14|A|analyticsnew.overwolf.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (0.5ms)||
|2024-03-23 00:25:10|A|apps.overwolf.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (0.4ms)||
|2024-03-23 00:23:32|A|array518.prod.do.dsp.mp.microsoft.com|10.44.2.2|OK (answered by localhost#5335)|IP (0.7ms)||
|2024-03-23 00:24:51|HTTPS|askubuntu.com|10.44.2.2|OK (answered by localhost#5335)|BLOB (48.8ms)||
|2024-03-23 00:24:51|A|askubuntu.com|10.44.2.2|OK (answered by localhost#5335)|IP (48.2ms)||
|2024-03-23 00:24:51|A|cdn.cookielaw.org|10.44.2.2|OK (answered by localhost#5335)|IP (0.7ms)||
|2024-03-23 00:24:51|HTTPS|cdn.cookielaw.org|10.44.2.2|OK (answered by localhost#5335)|BLOB (0.4ms)||
|2024-03-23 00:24:51|HTTPS|cdn.sstatic.net|10.44.2.2|OK (answered by localhost#5335)|BLOB (92.4ms)||
|2024-03-23 00:24:51|A|cdn.sstatic.net|10.44.2.2|OK (answered by localhost#5335)|IP (92.4ms)||
|2024-03-23 00:24:51|HTTPS|content-autofill.googleapis.com|10.44.2.2|OK (answered by localhost#5335)|NODATA (0.3ms)||
|2024-03-23 00:24:51|A|content-autofill.googleapis.com|10.44.2.2|OK (answered by localhost#5335)|IP (0.3ms)||
|2024-03-23 00:23:52|A|fp.msedge.net|10.44.2.2|OK (answered by localhost#5335)|CNAME (0.5ms)||
|2024-03-23 00:24:51|A|geolocation.onetrust.com|10.44.2.2|OK (answered by localhost#5335)|IP (44.6ms)||
|2024-03-23 00:24:51|HTTPS|geolocation.onetrust.com|10.44.2.2|OK (answered by localhost#5335)|BLOB (45.0ms)||
|2024-03-23 00:24:34|HTTPS|get-bx.g.aaplimg.com|10.44.2.181|OK (answered by localhost#5335)|NODATA (0.6ms)||
|2024-03-23 00:23:32|A|google.com|10.44.2.2|OK (answered by localhost#5335)|IP (0.2ms)||
|2024-03-23 00:24:51|HTTPS|graph.facebook.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (11.0ms)||
|2024-03-23 00:24:51|A|graph.facebook.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (10.6ms)||
|2024-03-23 00:24:34|A|gsp-ssl.ls.apple.com|10.44.2.181|OK (answered by localhost#5335)|CNAME (135.3ms)||
|2024-03-23 00:24:34|HTTPS|gsp-ssl.ls.apple.com|10.44.2.181|OK (answered by localhost#5335)|CNAME (142.9ms)||
|2024-03-23 00:23:42|A|hooks.slack.com|172.28.0.1|OK (answered by localhost#5335)|IP (0.4ms)||
|2024-03-23 00:23:42|AAAA|hooks.slack.com|172.28.0.1|OK (answered by localhost#5335)|NODATA (0.5ms)||
|2024-03-23 00:23:46|A|hooks.slack.com|172.28.0.1|OK (cache)|IP (0.1ms)||
|2024-03-23 00:23:46|AAAA|hooks.slack.com|172.28.0.1|OK (cache)|NODATA (0.0ms)||
|2024-03-23 00:24:59|A|hooks.slack.com|172.28.0.1|OK (cache)|IP (0.0ms)||
|2024-03-23 00:24:59|AAAA|hooks.slack.com|172.28.0.1|OK (cache)|NODATA (0.0ms)||
|2024-03-23 00:25:03|AAAA|hooks.slack.com|172.28.0.1|OK (cache)|NODATA (0.1ms)||
|2024-03-23 00:25:03|A|hooks.slack.com|172.28.0.1|OK (cache)|IP (0.0ms)||
|2024-03-23 00:23:32|HTTPS|hub.docker.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (1.7ms)||
|2024-03-23 00:23:32|A|hub.docker.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (0.4ms)||
|2024-03-23 00:23:32|A|hub.docker.com|10.44.2.2|OK (cache)|CNAME (0.1ms)||
|2024-03-23 00:23:32|HTTPS|hub.docker.com|10.44.2.2|OK (cache)|CNAME (0.0ms)||
|2024-03-23 00:23:32|A|hub.docker.com|10.44.2.2|OK (cache)|CNAME (0.0ms)||
|2024-03-23 00:24:51|HTTPS|i.stack.imgur.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (66.8ms)||
|2024-03-23 00:24:51|A|i.stack.imgur.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (66.0ms)||
|2024-03-23 00:24:52|A|qa.sockets.stackexchange.com|10.44.2.2|OK (answered by localhost#5335)|IP (59.4ms)||
|2024-03-23 00:24:52|HTTPS|qa.sockets.stackexchange.com|10.44.2.2|OK (answered by localhost#5335)|NODATA (58.9ms)||
|2024-03-23 00:24:52|A|region1.google-analytics.com|10.44.2.2|OK (answered by localhost#5335)|IP (0.4ms)||
|2024-03-23 00:24:52|HTTPS|region1.google-analytics.com|10.44.2.2|OK (answered by localhost#5335)|NODATA (0.3ms)||
|2024-03-23 00:24:51|A|scontent.fbhx4-2.fna.fbcdn.net|10.44.2.2|OK (answered by localhost#5335)|NXDOMAIN (10.3ms)||
|2024-03-23 00:24:51|HTTPS|scontent.fbhx4-2.fna.fbcdn.net|10.44.2.2|OK (answered by localhost#5335)|NXDOMAIN (10.0ms)||
|2024-03-23 00:24:51|A|scontent.fbhx4-2.fna.fbcdn.net|10.44.2.2|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:24:51|HTTPS|scontent.fbhx4-2.fna.fbcdn.net|10.44.2.2|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:24:51|A|scontent.fbhx4-2.fna.fbcdn.net|10.44.2.2|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:24:21|A|settings-win.data.microsoft.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (0.5ms)||
|2024-03-23 00:24:51|A|www.googletagmanager.com|10.44.2.2|OK (answered by localhost#5335)|IP (0.4ms)||
|2024-03-23 00:24:51|HTTPS|www.googletagmanager.com|10.44.2.2|OK (answered by localhost#5335)|NODATA (0.4ms)||
If I do a DNS lookup off my host machine, that seems to come back fine: (My local DNS server is 10.44.3.2 / 10.44.3.3, and my PC is 10.44.2.2)
Output from:
```
sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 3
/etc/unbound/unbound.conf.d/pi-hole.conf: logfile: /dev/stdout
/etc/unbound/unbound.conf.d/pi-hole.conf: use-syslog: no
/etc/unbound/unbound.conf.d/pi-hole.conf: log-queries: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 0.0.0.0
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: ::0
/etc/unbound/unbound.conf.d/pi-hole.conf:
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-daemonize: no
/etc/unbound/unbound.conf.d/pi-hole.conf: hide-identity: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: hide-version: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: cache-min-ttl: 3600
/etc/unbound/unbound.conf.d/pi-hole.conf: cache-max-ttl: 86400
/etc/unbound/unbound.conf.d/pi-hole.conf: root-hints: "/var/lib/unbound/root.hints"
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf: edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
```
```
service unbound status
up (pid 271) 4303 seconds
```
I don't seem to have the same issue when pointing at some public DNS servers (i.e. Quad9), only when pointing at the unbound instance.
I have tried a few other things, such as manually updating the root.hints to the most recent version, but with no luck so far.
Edit:
Also just outputting some nslookups from the pi host itself:
```
root@pihole1:/# nslookup www.facebook.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
www.facebook.com canonical name = star-mini.c10r.facebook.com.
Name: star-mini.c10r.facebook.com
Address: 157.240.195.35
Name: star-mini.c10r.facebook.com
Address: 2a03:2880:f142:82:face:b00c:0:25de
root@pihole1:/# nslookup hub.docker.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find hub.docker.com: NXDOMAIN
root@pihole1:/# nslookup docker.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: docker.com
Address: 141.193.213.20
Name: docker.com
Address: 141.193.213.21
```
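Added example, not part of the original post: a Python triage of the pipe-delimited query log above that separates NXDOMAIN replies returned by the upstream resolver from copies replayed out of Pi-hole's cache, and sets reverse (PTR) lookups aside. The column layout (time, type, domain, client, status, reply) is assumed from the rows in the post, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of rows copied from the query log in the post.
SAMPLE_ROWS = """\
|2024-03-23 00:23:41|PTR|1.0.28.172.in-addr.arpa|localhost|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:23:32|A|hub.docker.com|10.44.2.2|OK (answered by localhost#5335)|CNAME (0.4ms)||
|2024-03-23 00:24:51|A|scontent.fbhx4-2.fna.fbcdn.net|10.44.2.2|OK (answered by localhost#5335)|NXDOMAIN (10.3ms)||
|2024-03-23 00:24:51|HTTPS|scontent.fbhx4-2.fna.fbcdn.net|10.44.2.2|OK (answered by localhost#5335)|NXDOMAIN (10.0ms)||
|2024-03-23 00:24:51|A|scontent.fbhx4-2.fna.fbcdn.net|10.44.2.2|OK (cache)|NXDOMAIN (0.0ms)||
|2024-03-23 00:23:32|A|google.com|10.44.2.2|OK (answered by localhost#5335)|IP (0.2ms)||
"""

UPSTREAM_RE = re.compile(r"answered by (\S+)\)")

def parse_rows(text):
    """Yield one dict per data row of the pipe-delimited query log."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 6 or set(cells[0]) <= set("-"):
            continue  # blank line or |---| table separator
        when, qtype, domain, client, status, reply = cells[:6]
        m = UPSTREAM_RE.search(status)
        yield {
            "time": when, "type": qtype, "domain": domain, "client": client,
            "upstream": m.group(1) if m else None,  # None: no upstream named ("OK (cache)")
            "reply": reply.split()[0],              # NXDOMAIN, CNAME, IP, NODATA, ...
        }

def nxdomain_triage(rows):
    """Return (forward, reverse): NXDOMAIN counts per forward name, and PTR names."""
    forward = defaultdict(lambda: {"upstreams": set(), "from_upstream": 0, "from_cache": 0})
    reverse = set()
    for r in rows:
        if r["reply"] != "NXDOMAIN":
            continue
        if r["domain"].endswith((".in-addr.arpa", ".ip6.arpa")):
            reverse.add(r["domain"])  # reverse lookups are reported separately
            continue
        entry = forward[r["domain"]]
        if r["upstream"]:
            entry["upstreams"].add(r["upstream"])
            entry["from_upstream"] += 1
        else:
            entry["from_cache"] += 1
    return dict(forward), sorted(reverse)
```

Run over the full log in the post, the only forward name for which `localhost#5335` itself returned NXDOMAIN is `scontent.fbhx4-2.fna.fbcdn.net`; the `hub.docker.com` rows are logged with `CNAME` replies.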