The issue I am facing:
unbound is not resolving at all
Details about my system:
Raspberry Pi 2 Model B Rev 1.1
Raspbian GNU/Linux 11 (bullseye)
What I have changed since installing Pi-hole:
Nothing. It's been working for several months, and now we had a power break, and after that it stopped working.
Further details:
When I switch pihole to use another upstream DNS server, then dig dnssec.works @127.0.0.1 -p 5335
works correctly:
; <<>> DiG 9.16.33-Raspbian <<>> dnssec.works @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62195
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dnssec.works. IN A
;; ANSWER SECTION:
dnssec.works. 858 IN A 5.45.107.88
;; Query time: 90 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Sat Nov 19 15:36:24 EET 2022
;; MSG SIZE rcvd: 57
If I select 127.0.0.1#5335
as an upstream DNS server, the same command times out.
This is my config as reported by sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
pi@pihole:~ $ sudo grep -v '#\|^$' -R /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: name: "local"
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: forward-addr: 192.168.1.3
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf:forward-zone:
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: name: "."
/etc/unbound/unbound.conf.d/resolvconf_resolvers.conf: forward-addr: 192.168.1.3
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf: auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf: logfile: "/var/log/unbound/unbound.log"
/etc/unbound/unbound.conf.d/pi-hole.conf: verbosity: 3
/etc/unbound/unbound.conf.d/pi-hole.conf: interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf: port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf: edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf: prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf: num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf: so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf: private-address: fe80::/10
pi@pihole:~ $
unbound-checkconf
doesn't report any issues:
pi@pihole:~ $ unbound-checkconf
unbound-checkconf: no errors in /etc/unbound/unbound.conf
pi@pihole:~ $
Finally, here are some logs:
Service start:
[1668866502] unbound[7939:0] debug: module config: "subnetcache validator iterator"
[1668866502] unbound[7939:0] notice: init module 0: subnet
[1668866502] unbound[7939:0] debug: subnet: option registered (8)
[1668866502] unbound[7939:0] notice: init module 1: validator
[1668866502] unbound[7939:0] notice: init module 2: iterator
[1668866502] unbound[7939:0] debug: target fetch policy for level 0 is 3
[1668866502] unbound[7939:0] debug: target fetch policy for level 1 is 2
[1668866502] unbound[7939:0] debug: target fetch policy for level 2 is 1
[1668866502] unbound[7939:0] debug: target fetch policy for level 3 is 0
[1668866502] unbound[7939:0] debug: target fetch policy for level 4 is 0
[1668866502] unbound[7939:0] debug: Forward zone server list:
[1668866502] unbound[7939:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
[1668866502] unbound[7939:0] debug: Forward zone server list:
[1668866502] unbound[7939:0] info: DelegationPoint<local.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
[1668866502] unbound[7939:0] debug: cache memory msg=33040 rrset=33040 infra=3920 val=33196 subnet=41372
[1668866502] unbound[7939:0] info: start of service (unbound 1.13.1).
Some (suspicious) entries:
[1668866665] unbound[7939:0] debug: cache memory msg=36793 rrset=37695 infra=4384 val=35263 subnet=41372
[1668866665] unbound[7939:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1668866665] unbound[7939:0] info: iterator operate: query crl.verisign.com. A IN
[1668866665] unbound[7939:0] info: response for crl.verisign.com. A IN
[1668866665] unbound[7939:0] info: reply from <.> 192.168.1.3#53
[1668866665] unbound[7939:0] info: query response was THROWAWAY
[1668866665] unbound[7939:0] info: processQueryTargets: crl.verisign.com. A IN
[1668866665] unbound[7939:0] debug: configured stub or forward servers failed -- returning SERVFAIL
[1668866665] unbound[7939:0] debug: return error response SERVFAIL
[1668866665] unbound[7939:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone
[1668866665] unbound[7939:0] info: validator operate: query crl.verisign.com. A IN
[1668866665] unbound[7939:0] debug: subnet[module 0] operate: extstate:module_wait_module event:module_event_moddone
[1668866665] unbound[7939:0] info: subnet operate: query crl.verisign.com. A IN
[1668866665] unbound[7939:0] debug: cache memory msg=36793 rrset=37695 infra=4384 val=35263 subnet=41372
[1668866665] unbound[7939:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1668866665] unbound[7939:0] info: iterator operate: query crl.verisign.com. A IN
[1668866665] unbound[7939:0] info: response for crl.verisign.com. A IN
[1668866665] unbound[7939:0] info: reply from <.> 192.168.1.3#53
[1668866665] unbound[7939:0] info: query response was THROWAWAY
[1668866665] unbound[7939:0] info: processQueryTargets: crl.verisign.com. A IN
[1668866665] unbound[7939:0] debug: configured stub or forward servers failed -- returning SERVFAIL
[1668866665] unbound[7939:0] debug: return error response SERVFAIL
[1668866665] unbound[7939:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone
[1668866665] unbound[7939:0] info: validator operate: query crl.verisign.com. A IN
[1668866665] unbound[7939:0] debug: subnet[module 0] operate: extstate:module_wait_module event:module_event_moddone
[1668866665] unbound[7939:0] info: subnet operate: query crl.verisign.com. A IN
[1668866665] unbound[7939:0] debug: cache memory msg=36793 rrset=37695 infra=4384 val=35263 subnet=41372
[1668866665] unbound[7939:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1668866665] unbound[7939:0] info: iterator operate: query crl.verisign.com. A IN
[1668866665] unbound[7939:0] info: response for crl.verisign.com. A IN
[1668866665] unbound[7939:0] info: reply from <.> 192.168.1.3#53
[1668866665] unbound[7939:0] info: query response was THROWAWAY
[1668866665] unbound[7939:0] info: processQueryTargets: crl.verisign.com. A IN
[1668866665] unbound[7939:0] debug: configured stub or forward servers failed -- returning SERVFAIL
[1668866665] unbound[7939:0] debug: return error response SERVFAIL
[1668866665] unbound[7939:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone
[1668866665] unbound[7939:0] info: validator operate: query crl.verisign.com. A IN
[1668866665] unbound[7939:0] debug: subnet[module 0] operate: extstate:module_wait_module event:module_event_moddone
[1668866665] unbound[7939:0] info: subnet operate: query crl.verisign.com. A IN
[1668866665] unbound[7939:0] debug: cache memory msg=36793 rrset=37695 infra=4384 val=35263 subnet=41372
[1668866666] unbound[7939:0] debug: subnet[module 0] operate: extstate:module_state_initial event:module_event_new
[1668866666] unbound[7939:0] info: subnet operate: query connectivitycheck.gstatic.com. A IN
[1668866666] unbound[7939:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass
[1668866666] unbound[7939:0] info: validator operate: query connectivitycheck.gstatic.com. A IN
[1668866666] unbound[7939:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass
[1668866666] unbound[7939:0] info: resolving connectivitycheck.gstatic.com. A IN
[1668866666] unbound[7939:0] info: processQueryTargets: connectivitycheck.gstatic.com. A IN
[1668866666] unbound[7939:0] info: sending query: connectivitycheck.gstatic.com. A IN
[1668866666] unbound[7939:0] debug: sending to target: <.> 192.168.1.3#53
[1668866666] unbound[7939:0] debug: cache memory msg=36793 rrset=37695 infra=4384 val=35263 subnet=41372
[1668866667] unbound[7939:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply
[1668866667] unbound[7939:0] info: iterator operate: query ctldl.windowsupdate.com. A IN
[1668866667] unbound[7939:0] info: processQueryTargets: ctldl.windowsupdate.com. A IN
[1668866667] unbound[7939:0] info: sending query: ctldl.windowsupdate.com. A IN
[1668866667] unbound[7939:0] debug: sending to target: <.> 192.168.1.3#53
[1668866667] unbound[7939:0] debug: cache memory msg=36793 rrset=37695 infra=4384 val=35263 subnet=41372
[1668866667] unbound[7939:0] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_noreply
[1668866667] unbound[7939:0] info: iterator operate: query ctldl.windowsupdate.com. A IN
[1668866667] unbound[7939:0] info: processQueryTargets: ctldl.windowsupdate.com. A IN
[1668866667] unbound[7939:0] info: sending query: ctldl.windowsupdate.com. A IN
[1668866667] unbound[7939:0] debug: sending to target: <.> 192.168.1.3#53
Could query response was THROWAWAY
mean something?
Any idea what could cause this issue?