1. Forum
  2. FidoNet
  3. RBERRYPI

  • How to resolve Unbound causing N/A Reply for certain domains?

    From s|b@3:770/3 to All on Fri Feb 14 15:54:04 2025
    Anybody running Unbound (and Pi-Hole) on their RPi?

    I've been using Pi-Hole on my RPi4 for several years now and a couple
    months ago I decided to give Unbound a go. I followed the instructions
    as described in https://docs.pi-hole.net/guides/dns/unbound/ and set my
    DNS in Pi-Hole to 127.0.0.1#5335 (DNSSEC is unchecked). Everything seems
    to work fine, but then I noticed certain domains result in Server Not
    Found and the Query Log shows an N/A Reply for these sites.

    These are some examples:

    https://economie.fgov.be/ (in fact everything *.fgov.be)

    https://argenta.be/

    https://www.paypal-opladen.be/

    The first is a government site, the second a bank and the third a site
    to charge a paypal account. I don't know why, I'm not an expert, but
    I've got the impression it's not Unbound that is to blame, but the sites themselves (DNSSEC?). I've searched and searched for the N/A problem,
    but found no solution.

    A Reddit user with Pi-Hole and Unbound could reach these sites without a problem. I've started with a fresh image (with Pi-Hole installed) and reinstalled Unbound, but the problem persists.

    Pi-Hole is running under Bookworm (latest updates)
    Pi-hole v5.18.4 FTL v5.25.2 Web Interface v5.21

    --
    s|b

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Lawrence D'Oliveiro@3:770/3 to All on Sat Feb 15 07:05:16 2025
    On Fri, 14 Feb 2025 15:54:04 +0100, s|b wrote:

    https://economie.fgov.be/ (in fact everything *.fgov.be)

    https://argenta.be/

    https://www.paypal-opladen.be/

    Note that Unbound is a DNS service, it doesn’t look up URLs, it looks up domain names.

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From s|b@3:770/3 to Lawrence D'Oliveiro on Sat Feb 15 14:41:50 2025
    On Sat, 15 Feb 2025 07:05:17 -0000 (UTC), Lawrence D'Oliveiro wrote:

    Note that Unbound is a DNS service, it doesn’t look up URLs, it looks up domain names.

    I don't see how stating the obvious is helpful.

    I've set up Unbound as a recursive DNS server, but that doesn't do
    anything to the fact that I can access these sites when I bypass Unbound
    by setting another DNS (from my ISP for instance). That makes me think
    it's not Pi-Hole or something else, but Unbound (a faulty setting of
    mine? or a problem at the other side?) causing the problem. I can see in
    the query logs they are getting N/A as reply.

    And yet, another user with similar set up could reach these sites. I
    already reinstalled and followed all the steps and still the same
    problem with those... domains.

    --
    s|b

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From s|b@3:770/3 to All on Sat Feb 15 15:52:30 2025
    On Sat, 15 Feb 2025 14:41:51 +0100, s|b wrote:

    And yet, another user with similar set up could reach these sites. I
    already reinstalled and followed all the steps and still the same
    problem with those... domains.

    Just read a message on Reddit. Similar problem was solved by unchecking
    'Block UDP flood' in the router. Can't find this setting in my TP Link
    Archer AX55, but makes me think the router could be the culprit. (?)

    --
    s|b

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From Lawrence D'Oliveiro@3:770/3 to All on Sat Feb 15 21:33:20 2025
    On Sat, 15 Feb 2025 14:41:51 +0100, s|b wrote:

    On Sat, 15 Feb 2025 07:05:17 -0000 (UTC), Lawrence D'Oliveiro wrote:

    Note that Unbound is a DNS service, it doesn’t look up URLs, it looks
    up domain names.

    I don't see how stating the obvious is helpful.

    Remember you posted URLs, not simple domain names.

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From s|b@3:770/3 to Lawrence D'Oliveiro on Sun Feb 16 15:37:38 2025
    On Sat, 15 Feb 2025 21:33:21 -0000 (UTC), Lawrence D'Oliveiro wrote:

    Remember you posted URLs, not simple domain names.

    You're right and that was an error, but the topic clearly says
    _domains_. Again, this doesn't help my in any way.

    --
    s|b

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)
  • From mm0fmf@3:770/3 to All on Sun Feb 16 15:07:06 2025
    On 16/02/2025 14:37, s|b wrote:
    On Sat, 15 Feb 2025 21:33:21 -0000 (UTC), Lawrence D'Oliveiro wrote:

    Remember you posted URLs, not simple domain names.

    You're right and that was an error, but the topic clearly says
    _domains_. Again, this doesn't help my in any way.


    This one is definitely in need of plonking.

    *plonk*

    --- SoupGate-Win32 v1.05
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)