Unbound fqdn issue certain sites not loading

Expected Behaviour:

Sites load by default

Actual Behaviour:

Cannot load certain sites with unbound working. Example is login.yahoo.com

Debug Token:

ab9nh34zdk

Hi All. Thanks to the friendly mods here my Unbound installation with pihole is working. I was testing my apps/sites that the family visits and found that login.yahoo.com does not resolve with Unbound used as the upstream DNS.

Here is the login.yahoo.com dig

root@raspberrypi:/home/pi# dig @127.0.0.1 -p 5353 login.yahoo.com

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> @127.0.0.1 -p 5353 login.yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62843
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;login.yahoo.com.               IN      A

;; ANSWER SECTION:
login.yahoo.com.        10      IN      CNAME   ds-ats.member.g02.yahoodns.net.

;; AUTHORITY SECTION:
g02.yahoodns.net.       300     IN      SOA     yf1.yahoo.com. hostmaster.yahoo-inc.com. 1577839320 30 30 86400 300

;; Query time: 148 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Tue Dec 31 19:42:00 EST 2019
;; MSG SIZE  rcvd: 149

Here is another random site that does load:

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> @127.0.0.1 -p 5353 reddit.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41679
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;reddit.com.                    IN      A

;; ANSWER SECTION:
reddit.com.             71      IN      A       151.101.193.140
reddit.com.             71      IN      A       151.101.65.140
reddit.com.             71      IN      A       151.101.129.140
reddit.com.             71      IN      A       151.101.1.140

;; Query time: 46 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Tue Dec 31 19:43:23 EST 2019
;; MSG SIZE  rcvd: 103

I have tried toggling the "never forward non FQDN's" options in the administrative interface and tried whitelisting this entry in the pihole interface. My question is, is there a way to force whitelisted entries within unbound itself? Or have any of you experienced this issue with specific sites? I will run into this eventually again and want to have a battle plan for the next time.

Thank you

Can I just throw this in /etc/unbound/unbound.conf.d/pi-hole.conf or does it have to be a separate file?

Let me know if this was correct.

sudo nano /etc/unbound/unbound.conf.d/qname-minimisation.conf

Changed qname-minimisation: yes to no
Added the commented-out line

#qname-minimisation-strict: yes

service unbound restart

dig now shows the IP and the site loads

DiG 9.11.5-P4-5.1-Raspbian <<>> @127.0.0.1 -p 5353 login.yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27001
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;login.yahoo.com. IN A

;; ANSWER SECTION:
login.yahoo.com. 168 IN CNAME ds-ats.member.g02.yahoodns.net.
ds-ats.member.g02.yahoodns.net. 60 IN A 67.195.204.151

;; Query time: 24 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Tue Dec 31 22:27:17 EST 2019
;; MSG SIZE rcvd: 104
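
Added example, not part of the original thread: a small shell function that classifies dig output so the pattern in the first login.yahoo.com query (status NXDOMAIN while the ANSWER section still holds a CNAME) can be told apart from a plain NXDOMAIN when retesting after a resolver change. The function name, the sample helpers and the category labels are assumptions made for this example; the sample input is trimmed from the dig outputs posted above.

```shell
# Classify dig output read on stdin. Prints one of:
#   OK                     NOERROR with at least one A/AAAA record
#   CNAME_TARGET_NXDOMAIN  NXDOMAIN although ANSWER holds a CNAME
#   NXDOMAIN               NXDOMAIN with no CNAME in ANSWER
#   OTHER                  anything else (SERVFAIL, empty NOERROR, ...)
# Live use: dig @127.0.0.1 -p 5353 login.yahoo.com | classify_dig
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/ || /^;;/         { in_answer = 0 }
        in_answer && $3 == "IN" {
            if ($4 == "CNAME") cname++
            if ($4 == "A" || $4 == "AAAA") addr++
        }
        END {
            if (status == "NOERROR" && addr > 0)        print "OK"
            else if (status == "NXDOMAIN" && cname > 0) print "CNAME_TARGET_NXDOMAIN"
            else if (status == "NXDOMAIN")              print "NXDOMAIN"
            else                                        print "OTHER"
        }
    '
}

# Sample input, trimmed from the first login.yahoo.com dig in this thread.
sample_before() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62843
;; ANSWER SECTION:
login.yahoo.com.        10      IN      CNAME   ds-ats.member.g02.yahoodns.net.

;; AUTHORITY SECTION:
g02.yahoodns.net.       300     IN      SOA     yf1.yahoo.com. hostmaster.yahoo-inc.com. 1577839320 30 30 86400 300
EOF
}

# Sample input, trimmed from the last login.yahoo.com dig in this thread.
sample_after() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27001
;; ANSWER SECTION:
login.yahoo.com. 168 IN CNAME ds-ats.member.g02.yahoodns.net.
ds-ats.member.g02.yahoodns.net. 60 IN A 67.195.204.151
EOF
}
printf 'before: %s\nafter:  %s\n' "$(sample_before | classify_dig)" "$(sample_after | classify_dig)"
```

A CNAME_TARGET_NXDOMAIN result means the queried name itself resolved and the failure lies in resolving the CNAME target.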
