Unbound times out with: "communications error to 127.0.0.1#5335: timed out"

BengalEmpire767 · August 3, 2024, 4:28pm

hmm...
nslookup -class=chaos -type=txt version.bind 127.0.0.1

returns negative:

Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
*** Can't find version.bind: No answer

Authoritative answers can be found from:

however,
nslookup -class=chaos -type=txt version.bind 192.168.0.121 on my main PC returns:

Server:  pi.hole
Address:  192.168.0.121

*** No text (TXT) records available for version.bind

chrislph · August 3, 2024, 4:45pm

Thanks for checking those. And that first one was ran in a terminal on the Pi-hole directly?

If so, those results imply that something on the Pi-hole OS really is interfering with DNS, even though the debug log showed that FTL was runnning that service.

You can create another debug log if you want, but I don't recall seeing anything that was messing with FTL.

What does anyone else/devs think?

It seems like there are all kinds of things interfering here, since an earlier test eliminated Pi-hole and the home network and pointed at external interference. Yet this test shows that nslookup on localhost cannot get Pi-hole's version from the CH TXT record, which is probably why Windows also cannot access it from another host.

This is the kind of situation where, if I was there, I'd want to take an approach like Moto suggested and scrap absolutely everything and start over with one machine and router, test, and build up from there. Once the Pi-hole becomes involved, I'd start with a clean install of the latest OS, test that and install Pi-hole, test again and ensure everything is working. At the very end I would add Unbound. At any point, the testing might show that results are not as expected and this will reveal the cause.

Bucking_Horn · August 4, 2024, 9:08am

BengalEmpire767's unbound log demonstrates that the issue is lack of connectivity to the root servers:

That would be expected if something upstream is blocking access to the root servers (at least for port 53). If it is not a local firewall on the Pi-hole machine or the router blocking access, then something outside of your network's control is doing so, e.g. your ISP.

As I see it, deHakkelaar has supplied the best advice already:

deHakkelaar:

you can run on any Linux host with dig installed is:
$ dig +norecurse @192.36.148.17 . ns
(...)
The equivalent nslookup command syntax that you can run on any Windows, MacOS or Linux client is:
C:\>nslookup -type=ns . 192.36.148.17

system · August 25, 2024, 7:43pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.