Trying to find out why my unbound will not resolve www.startpuntgeldzaken.nl
Joe Abley
jabley at hopcount.ca
Wed May 5 21:41:35 UTC 2021
On 5 May 2021, at 16:23, Gerben Wierda via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
> What I see is this (reliably)
>
> When asking 8.8.8.8 or 9.9.9.9 directly, the name is resolved.
>
> But when unbound forwards to 8.8.8.8 or 9.9.9.9, it fails.
>
> In other words: I can realiable ask 9.9.9.9 for www.startpuntgeldzaken.nl but I cannot get unbound to get that same info via a forward.
My instinct is that this has nothing to do with the domain name in question, nothing to do with what is happening at 8.8.8.8 or 9.9.9.9 and nothing to do with where that domain name is hosted.
I think if you look at the packets on the wire you will find either (a) the source address of upstream queries sent from your unbound instance is not reachable across the Internet, e.g. you're missing a NAT or you have multiple interfaces on the host running unbound, and the outbound interface is filtered or otherwise not as functional as you expect, or (b) you have firewall rules or other device permission constraints on the host running unbound that are different from what happens when you run dig.
If I'm wrong I'll buy you a beer the next time we are all allowed to meet in person. :-)
Joe
More information about the Unbound-users
mailing list