Unbound returning NXDOMAIN on valid domain (Disney+)

Expected Behaviour:

For unbound to return NOERROR on Disney+ related domains, such as disney.api.edge.bamgrid.com.

Actual Behaviour:

I get Error 83 when trying to stream video from Disney+ from any device on my network.

Debug Token:

https://tricorder.pi-hole.net/2m7pQ6UO/

I've been streaming from Disney+ with no problem for the past 2 years or so. Just last week I started getting Error Code 83 from the Disney+ app, which typically indicates a connectivity problem. All other streaming apps work fine (Apple, Netflix, Max). I have a separate subnet for my wife that doesn't use Pi-hole/Unbound and I can successfully stream Disney+ from there.

Troubleshooting led me to find that Unbound is returning NXDOMAIN for several domains related to Disney+. The one I've been troubleshooting with is disney.api.edge.bamgrid.com. If I set Pi-hole to use external upstream DNS servers, everything works fine.

Output of dig disney.api.edge.bamgrid.com with unbound:

@raspberrypi:/var/log $ 

; <<>> DiG 9.16.42-Debian <<>> disney.api.edge.bamgrid.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39534
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;disney.api.edge.bamgrid.com.   IN      A

;; AUTHORITY SECTION:
edge.bamgrid.com.       900     IN      SOA     ns-1171.awsdns-18.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 139 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Sep 16 18:20:23 MDT 2023
;; MSG SIZE  rcvd: 138

Output of dig disney.api.edge.bamgrid.com with Quad9:

; <<>> DiG 9.16.42-Debian <<>> disney.api.edge.bamgrid.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44317
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;disney.api.edge.bamgrid.com.   IN      A

;; ANSWER SECTION:
disney.api.edge.bamgrid.com. 10 IN      CNAME   d16tf39cmx7ftb.cloudfront.net.
d16tf39cmx7ftb.cloudfront.net. 22 IN    A       18.154.242.69
d16tf39cmx7ftb.cloudfront.net. 22 IN    A       18.154.242.129
d16tf39cmx7ftb.cloudfront.net. 22 IN    A       18.154.242.106
d16tf39cmx7ftb.cloudfront.net. 22 IN    A       18.154.242.46

;; Query time: 35 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Sep 16 18:25:02 MDT 2023
;; MSG SIZE  rcvd: 163

I found this thread, which led me to try flushing the zone with sudo unbound-control flush_zone bamgrid.com and confirming the entries were gone with sudo unbound-control dump_cache | grep bamgrid.com, but that made no difference.

I've pretty much maxed out my knowledge of DNS/Unbound. Unbound has worked great for me for several years and I'd like to keep using it. Does anyone have any ideas on what's causing this and how to fix it?

Raise the verbosity on your unbound log to 5. Restart unbound to flush the cache and load the new configuration with higher verbosity.

Then repeat your dig.

Compare your unbound log results with an online unbound instance and see where they differ.

https://unboundtest.com/m/A/disney.api.edge.bamgrid.com/YP6TRTNT

Unrelated to your problem, but noted in your debug log - the head and tail of your pihole.log contain only this. Are you running software that is querying the Pi-hole API?

*** [ DIAGNOSING ]: Pi-hole log
-rw-r----- 1 pihole pihole 30M Sep 16 18:12 /var/log/pihole/pihole.log
   -----head of pihole.log------
   Sep 16 00:00:09 dnsmasq[1100]: config cachesize.bind is <TXT>
   Sep 16 00:00:09 dnsmasq[1100]: config insertions.bind is <TXT>
   Sep 16 00:00:09 dnsmasq[1100]: config evictions.bind is <TXT>
   Sep 16 00:00:09 dnsmasq[1100]: config hits.bind is <TXT>
   Sep 16 00:00:09 dnsmasq[1100]: config misses.bind is <TXT>
   Sep 16 00:00:09 dnsmasq[1100]: config servers.bind is <TXT>
   Sep 16 00:00:10 dnsmasq[1100]: config cachesize.bind is <TXT>
   Sep 16 00:00:10 dnsmasq[1100]: config insertions.bind is <TXT>
   Sep 16 00:00:10 dnsmasq[1100]: config evictions.bind is <TXT>
   Sep 16 00:00:10 dnsmasq[1100]: config hits.bind is <TXT>
   Sep 16 00:00:10 dnsmasq[1100]: config misses.bind is <TXT>
   Sep 16 00:00:10 dnsmasq[1100]: config servers.bind is <TXT>
   Sep 16 00:00:11 dnsmasq[1100]: config cachesize.bind is <TXT>
   Sep 16 00:00:11 dnsmasq[1100]: config insertions.bind is <TXT>
   Sep 16 00:00:11 dnsmasq[1100]: config evictions.bind is <TXT>
   Sep 16 00:00:11 dnsmasq[1100]: config hits.bind is <TXT>
   Sep 16 00:00:11 dnsmasq[1100]: config misses.bind is <TXT>
   Sep 16 00:00:11 dnsmasq[1100]: config servers.bind is <TXT>
   Sep 16 00:00:12 dnsmasq[1100]: config cachesize.bind is <TXT>
   Sep 16 00:00:12 dnsmasq[1100]: config insertions.bind is <TXT>

   -----tail of pihole.log------
   Sep 16 18:12:02 dnsmasq[1813]: config misses.bind is <TXT>
   Sep 16 18:12:02 dnsmasq[1813]: config servers.bind is <TXT>
   Sep 16 18:12:03 dnsmasq[1813]: config cachesize.bind is <TXT>
   Sep 16 18:12:03 dnsmasq[1813]: config insertions.bind is <TXT>
   Sep 16 18:12:03 dnsmasq[1813]: config evictions.bind is <TXT>
   Sep 16 18:12:03 dnsmasq[1813]: config hits.bind is <TXT>
   Sep 16 18:12:03 dnsmasq[1813]: config misses.bind is <TXT>
   Sep 16 18:12:03 dnsmasq[1813]: config servers.bind is <TXT>
   Sep 16 18:12:04 dnsmasq[1813]: config cachesize.bind is <TXT>
   Sep 16 18:12:04 dnsmasq[1813]: config insertions.bind is <TXT>
   Sep 16 18:12:04 dnsmasq[1813]: config evictions.bind is <TXT>
   Sep 16 18:12:04 dnsmasq[1813]: config hits.bind is <TXT>
   Sep 16 18:12:04 dnsmasq[1813]: config misses.bind is <TXT>
   Sep 16 18:12:04 dnsmasq[1813]: config servers.bind is <TXT>
   Sep 16 18:12:05 dnsmasq[1813]: config cachesize.bind is <TXT>
   Sep 16 18:12:05 dnsmasq[1813]: config insertions.bind is <TXT>
   Sep 16 18:12:05 dnsmasq[1813]: config evictions.bind is <TXT>
   Sep 16 18:12:05 dnsmasq[1813]: config hits.bind is <TXT>
   Sep 16 18:12:05 dnsmasq[1813]: config misses.bind is <TXT>
   Sep 16 18:12:05 dnsmasq[1813]: config servers.bind is <TXT>
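Added example, not part of any post in this thread: the "see where they differ" comparison applied to the two dig responses quoted in the first post. It reports the status mismatch, the zone whose SOA accompanies the NXDOMAIN, and how long RFC 2308 allows that negative answer to be cached; the function names and the trimmed sample strings are constructed for illustration.

```python
import re

# Constructed sample input: trimmed copies of the two dig responses quoted in the first post.
LOCAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39534
;; AUTHORITY SECTION:
edge.bamgrid.com. 900 IN SOA ns-1171.awsdns-18.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
"""
REFERENCE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44317
;; ANSWER SECTION:
disney.api.edge.bamgrid.com. 10 IN CNAME d16tf39cmx7ftb.cloudfront.net.
d16tf39cmx7ftb.cloudfront.net. 22 IN A 18.154.242.69
"""

def parse_dig(text):
    """Extract the response status and the ANSWER/AUTHORITY records from dig output."""
    out = {"status": None, "ANSWER": [], "AUTHORITY": []}
    section = None
    for line in map(str.strip, text.splitlines()):
        if "->>HEADER<<-" in line:
            out["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";;") and line.endswith("SECTION:"):
            section = line[2:].split()[0]
        elif line and not line.startswith(";") and section in ("ANSWER", "AUTHORITY"):
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            out[section].append((name, int(ttl), rtype, rdata))
    return out

def negative_cache(parsed):
    """RFC 2308: a negative answer is cached for min(SOA TTL, SOA MINIMUM field)."""
    for name, ttl, rtype, rdata in parsed["AUTHORITY"]:
        if rtype == "SOA":
            return name, min(ttl, int(rdata.split()[-1]))
    return None

def compare(local_text, reference_text):
    """Report where the local resolver's response departs from the reference."""
    local, ref = parse_dig(local_text), parse_dig(reference_text)
    return {
        "local_status": local["status"],
        "reference_status": ref["status"],
        "diverges": local["status"] != ref["status"],
        "negative_cache": negative_cache(local),  # (zone in the SOA, seconds)
        "reference_cname": [r[3] for r in ref["ANSWER"] if r[2] == "CNAME"],
    }

if __name__ == "__main__":
    print(compare(LOCAL, REFERENCE))
```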

Well, it's fixed, but only because I uninstalled and reinstalled unbound. I managed to stupidly delete the unbound.conf file, and decided to just reinstall rather than recreate it.

Thanks for your advice. At least I'll know what to try if it happens again.
