System is
OPNsense 25.1.12-amd64
FreeBSD 14.2-RELEASE-p4
OpenSSL 3.0.17
Unbound is running on port 53
up-to-date.
Under Interfaces - Diagnostics - DNS Lookup, e.g. Hostname: google.com, brings up:
Response
Type Answer Server Query time
A google.com. 300 IN A 142.250.184.238 127.0.0.1 29 msec
AAAA google.com. 300 IN AAAA 2a00:1450:4001:831::200e 127.0.0.1 29 msec
MX google.com. 300 IN MX 10 smtp.google.com. 127.0.0.1 27 msec
or t-online.de:
Response
Type Answer Server Query time
A t-online.de. 300 IN A 52.209.116.123
t-online.de. 300 IN A 34.246.241.220
t-online.de. 300 IN A 54.217.253.146 127.0.0.1 104 msec
MX
t-online.de. 7200 IN MX 10 mx03.t-online.de.
t-online.de. 7200 IN MX 10 mx01.t-online.de.
t-online.de. 7200 IN MX 10 mx02.t-online.de.
t-online.de. 7200 IN MX 10 mx00.t-online.de. 127.0.0.1 27 msec
So far so good.
While trying to look up zeppelin.com I get a network error:
Query failure
Error: error sending query: Could not send or receive, because of network error
From the CLI with drill, dig or traceroute, same problem.
#:dig zeppelin.com MX +trace
; <<>> DiG 9.20.10 <<>> zeppelin.com MX +trace
;; global options: +cmd
. 84892 IN NS d.root-servers.net.
. 84892 IN NS f.root-servers.net.
. 84892 IN NS e.root-servers.net.
. 84892 IN NS i.root-servers.net.
. 84892 IN NS m.root-servers.net.
. 84892 IN NS b.root-servers.net.
. 84892 IN NS a.root-servers.net.
. 84892 IN NS c.root-servers.net.
. 84892 IN NS l.root-servers.net.
. 84892 IN NS k.root-servers.net.
. 84892 IN NS j.root-servers.net.
. 84892 IN NS g.root-servers.net.
. 84892 IN NS h.root-servers.net.
. 84892 IN RRSIG NS 8 0 518400 20250906170000 20250824160000 46441 . XrZ9CBBLm4nziYVEaK3h4ZM05XT6zde0Gqlt5+VrRXb+nP2QZPfp64Wg eaZy55K4eMLJ1IoHhC8QZXGoei/a7xUkGGWtwQul4hLxaTRUcfeI/mAd DlQNTSY8oi8tFM+78UKnGCqPHFDkaupe64Qi73Do0UfxZ2a7aYjj3paY fNc5+1vmo7TUwdUtb2NM7qcVXR82kLj33DT8BwJ90LSnHJqXcF8Z8wQN ydfVx6M+Wd2wV+TFuUHvxWpWmgF3qkvI6sMUeajvVudPuBFrNh8SQX2A XqUaGbxeBr/W0scm2jfugMx/Nq7w1jYO6WarEtUx17PD/ke7fpekjLeL g7ysEA==
;; Received 1097 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 86400 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com. 86400 IN RRSIG DS 8 1 86400 20250906170000 20250824160000 46441 . j180qM7z00ikoZnkPmiABdQCoSJMeUc1cQ+FYLsnu4qIQRJjDUyHXfiO VRJFM00EpNfikriYKvdOjCtRLVWz8zZA03lMkePBxAwwdY7NW8hhWYmR iA0xJuhIYilGGtIhf//P2bbechgVwvAWsDTyrMZxme8IkJaPV0sA2W1f 963s+7WJTlFy5xL3irw5KIYcJgIOEIkBfeGDSdXqvSiNK/JizVZ4iaYX oHJ457UqPS0/V/aE0fEJg6Xu5mkU4UqMYUty6e6aHKtNYyR7ITt6/a8k 7ALIQTGWM93zJcJd4Q5K/Xap7CYmPM3V3NHbWbRQdxVl+PEAb/JFozU9 ZXUALQ==
;; Received 1200 bytes from 192.33.4.12#53(c.root-servers.net) in 23 ms
zeppelin.com. 172800 IN NS ns1.arcor-ip.de.
zeppelin.com. 172800 IN NS ns2.arcor-ip.de.
zeppelin.com. 172800 IN NS ns3.arcor-ip.de.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN NSEC3 1 1 0 - CK0Q3UDG8CEKKAE7RUKPGCT1DVSSH8LL NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN RRSIG NSEC3 13 2 900 20250831015158 20250824004158 20545 com. KwEWamEC8pX2daXBOa2BY/AGCUCb+3Khm5Ao6bpOsD8Aj1En1mb2hO00 CtpTsH5JQu5HQD8QFWyb6ss6/vz3Mg==
C0UGRKKSAS0GF6FFKTOPVKI97J1HPQGU.com. 900 IN NSEC3 1 1 0 - C0UH524PN2G0H9955GVG6V4VHIU6SG6Q NS DS RRSIG
C0UGRKKSAS0GF6FFKTOPVKI97J1HPQGU.com. 900 IN RRSIG NSEC3 13 2 900 20250831021716 20250824010716 20545 com. D5OzZM+00WbYpUrjSd2QRhQhypdYRzljSKs+oSUBXnmiqYqYWZ4C6UiK 232bYXEGFzIIGP0vd5qexHdyCuhA9g==
couldn't get address for 'ns1.arcor-ip.de': not found
couldn't get address for 'ns2.arcor-ip.de': not found
couldn't get address for 'ns3.arcor-ip.de': not found
dig: couldn't get address for 'ns1.arcor-ip.de': no more
and:
#drill zeppelin.com @127.0.0.1 -p53
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 27301
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; -p53. IN A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025082401 1800 900 604800 86400
;; ADDITIONAL SECTION:
;; Query time: 52 msec
;; SERVER: 127.0.0.1
;; WHEN: Mon Aug 25 00:43:19 2025
;; MSG SIZE rcvd: 97
#:drill zeppelin.com @1.1.1.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 27740
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; zeppelin.com. IN A
;; ANSWER SECTION:
zeppelin.com. 60 IN A 194.49.74.122
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 37 msec
;; SERVER: 1.1.1.1
;; WHEN: Mon Aug 25 00:44:48 2025
;; MSG SIZE rcvd: 46
For a test I changed the setup like this:
Hostname: zeppelin.com
Server: 1.1.1.1
brings up:
Response
Type Answer Server Query time
A zeppelin.com. 60 IN A 194.49.74.122 1.1.1.1 22 msec
MX zeppelin.com. 600 IN MX 10 mxb-00702901.gslb.pphosted.com.
zeppelin.com. 600 IN MX 10 mxa-00702901.gslb.pphosted.com. 1.1.1.1 27 msec
From another company/location in another city (same ISP - Germany Vodafone Business, static IP), same system setup, the domain zeppelin.com is reachable, lookup is working flawlessly, dig, drill etc. everything works as expected.
During the last week there was a disturbance with Vodafone in this area. Internet was down/extremely slow. They told us they're not 100% back on track; they have to do some more investigations/repairing. Since Friday the speed is normal, remote work is no problem. But how can it be that only this single domain is not reachable? Could it be possible at all?
I have no clue at all what's going on here. Any help/hint would be greatly appreciated.
Workaround - but no explanation:
Adding this specific domain to DoT (1.1.1.1) works.
Would like to know why unbound does not resolve. I don't get it.
Anyone?
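Added example, not part of the original post: a small Python reader for the drill and dig output pasted above. It reports which name each drill response actually answers for and which delegated nameservers dig could not get an address for. The sample strings are lines copied from the post; the function names are made up for this example.

```python
import re

# Lines copied from the post's drill and dig output, trimmed to what is parsed.
DRILL_LOCAL = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 27301
;; QUESTION SECTION:
;; -p53. IN A
;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025082401 1800 900 604800 86400
;; SERVER: 127.0.0.1
"""
DRILL_REMOTE = """\
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 27740
;; QUESTION SECTION:
;; zeppelin.com. IN A
;; ANSWER SECTION:
zeppelin.com. 60 IN A 194.49.74.122
;; SERVER: 1.1.1.1
"""
DIG_TRACE = """\
zeppelin.com. 172800 IN NS ns1.arcor-ip.de.
zeppelin.com. 172800 IN NS ns2.arcor-ip.de.
zeppelin.com. 172800 IN NS ns3.arcor-ip.de.
couldn't get address for 'ns1.arcor-ip.de': not found
couldn't get address for 'ns2.arcor-ip.de': not found
couldn't get address for 'ns3.arcor-ip.de': not found
"""

def parse_drill(text):
    """Return (rcode, question name, server) from one drill response."""
    rcode = re.search(r"rcode: (\w+)", text).group(1)
    qname = re.search(r"QUESTION SECTION:\n;; (\S+)\s+IN\b", text).group(1)
    server = re.search(r"SERVER: (\S+)", text).group(1)
    return rcode, qname.rstrip(".").lower(), server

def check_drill(text, intended):
    """Say whether the rcode applies to the name that was meant to be queried."""
    rcode, qname, server = parse_drill(text)
    if qname != intended.lower():
        return f"{server}: {rcode} is for '{qname}', not '{intended}'"
    return f"{server}: {rcode} for '{intended}'"

def unresolved_delegation(trace, zone):
    """NS targets delegated for zone whose addresses dig could not look up."""
    ns = re.findall(rf"^{re.escape(zone)}\.\s+\d+\s+IN\s+NS\s+(\S+?)\.$", trace, re.M)
    failed = re.findall(r"couldn't get address for '([^']+)'", trace)
    return sorted(set(ns) & set(failed))

if __name__ == "__main__":
    print(check_drill(DRILL_LOCAL, "zeppelin.com"))
    print(check_drill(DRILL_REMOTE, "zeppelin.com"))
    print(unresolved_delegation(DIG_TRACE, "zeppelin.com"))
```

On these samples, the response from 127.0.0.1 has `-p53.` in its question section, so its NXDOMAIN is not an answer about zeppelin.com, while the trace stops at the three arcor-ip.de nameserver names.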