Unbound appending home.arpa to valid external-Resolved

Started by GrumpyOLTechie, August 03, 2025, 01:41:47 AM

August 03, 2025, 01:41:47 AM Last Edit: August 04, 2025, 07:03:10 AM by GrumpyOLTechie Reason: switch from Quad9 to Cloudflare to resolve-am marking the thread resolved
Hi,

I have only found 1 URL that does this.

my ISP's help webpage.

with unbound running, all block lists cleared and disabled, no register anything in DNS forwarders or not, no static arp entries or anything like that
(I use quad9 unsecured DoT - IE - no blocking whatsoever)

I opened Firefox and Librewolf

Firefox is VPN only
Librewolf is bypass VPN

with the VPN connected Firefox loads help.teksavvy.com with zero issues
Librewolf is saying "We can't connect to the server at help.teksavvy.com"
I disconnect from the VPN and Firefox starts to give "We can't connect to the server at help.teksavvy.com"
I connect to my cell phone's hot spot and both browsers load it up right away.

This is very odd to me so I captured some tcpdump on port 53 and 853



Resolved

Recursive name servers never manipulate the DNS name queried - the client's resolver library does that.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
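
The client-side behaviour the reply above refers to, as an added example that is not part of the original thread: a simplified model of the name ordering documented in resolv.conf(5) (`search` list and `ndots`). The function names and the 192.0.2.1 nameserver are assumptions made for illustration, and the sample file is constructed to mirror the one quoted later in the thread.

```python
# Added example: which names a stub resolver will try for one lookup,
# following the search/ndots rules in resolv.conf(5) (simplified model).

# Constructed sample; the nameserver address is a documentation placeholder.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.arpa
nameserver 192.0.2.1
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots) from the text of a resolv.conf file."""
    search, ndots = [], 1  # ndots defaults to 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        fields = line.split()
        if fields[0] in ("search", "domain"):  # the last such line wins
            search = fields[1:]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt[len("ndots:"):]), 15)  # capped at 15
    return search, ndots


def query_candidates(name, search, ndots=1):
    """Names in the order they are tried; later ones only if earlier ones fail."""
    if name.endswith("."):  # trailing dot: absolute name, no search list
        return [name]
    absolute = name + "."
    suffixed = [f"{name}.{domain.rstrip('.')}." for domain in search]
    if name.count(".") >= ndots:
        return [absolute] + suffixed  # tried as typed first
    return suffixed + [absolute]  # short names go through the search list first


def candidates_for(resolv_conf_text, name):
    search, ndots = parse_resolv_conf(resolv_conf_text)
    return query_candidates(name, search, ndots)


if __name__ == "__main__":
    for host in ("help.teksavvy.com", "help.teksavvy.com.", "nas"):
        print(host, "->", candidates_for(SAMPLE_RESOLV_CONF, host))
```

A query for the suffixed name in a capture on port 53 therefore means the lookup of the name as typed did not return an answer to the client first.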

Hi,

TYVM for responding.
I was so excited that someone responded I forgot my manners.

so when you say "the client's resolver library"
would you be referring to my desktop's client resolver?

On Linux what would that be?
I am running EndeavourOS.
or would you be referring to the DoT servers I forward to?
In my case, quad9 unsecured - dot10.quad9.net

"Edit#2: OK it IS the quad9 DoT servers doing this.
Probably because I have something misconfigured on my end.

I am unsure how to approach troubleshooting this.
Any ideas, hints, tips, URLs anyone could provide?"

Edit#3: so, when I looked at my "automatically generated" resolv.conf file
 (the one that'll get overwritten if I edit it) it shows home.arpa as the search domain
I commented out the entry:

# Generated by NetworkManager
#search home.arpa

and left only the nameserver x.x.x.x entry, saved it and then re-enabled the DoT servers, then the help.teksavvy.com webpage opens just fine with the DoT servers at quad9 enabled




Tyvm once more for your response.

My next question is probably going to be in the EndeavourOS forum, but does anyone know how to stop the network manager from automatically inserting a search domain into resolv.conf?

This is not normal behavior is it?

I have my desktop using dhcp so the domain name is coming from OPNSense is it not?

I checked my HOST.conf, hostname and resolv.conf and the only place I see the home.arpa domain is in the automatically generated entry in resolv.conf and my PC got that from the dhcp server on OPNSense.

Once again, I am sure this is something I did but I cannot figure out what and am trying to understand how to stop this behavior.

I'll go ask in the EndeavourOS forum too.

Thanks a bunch to everyone!

It was Quad9 in the end.

I was editing the resolv.conf to comment out my internal domain name and that would get the website working once more while also not seeming to negatively affect anything else.
I disabled the Quad9 DoT servers and added Cloudflare's, and the issue is gone on Cloudflare.

This is probably still my fault as I had a setting to register DHCP clients in DNS and that probably got sent to Quad9's DNS servers and yadda, yadda, yadda - like I said. Probably my own fault.