OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • [Unbound DNS] Tips on why a domain won't resolve
« previous next »
  • Print
Pages: [1]

Author Topic: [Unbound DNS] Tips on why a domain won't resolve  (Read 1639 times)

cynicalApples7

  • Newbie
  • *
  • Posts: 16
  • Karma: 0
    • View Profile
[Unbound DNS] Tips on why a domain won't resolve
« on: January 11, 2023, 10:42:13 pm »

I am hoping someone could spare some tips on how to troubleshoot or fix
why this one specific domain wont resolve. This is the only domain that
I have come across that is not in my block-lists that wont resolve.

https://www.llthw.common-lisp.dev

------------------------------------------------------------------------
If I run a dig from my laptop
$ dig llthw.common-lisp.dev
; <<>> DiG 9.10.6 <<>> llthw.common-lisp.dev
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12308
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;llthw.common-lisp.dev.      IN   A

;; AUTHORITY SECTION:
dev.         4   IN   SOA   ns-tld1.charlestonroadregistry.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300

;; Query time: 45 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Jan 11 22:33:29 CET 2023
;; MSG SIZE  rcvd: 148

------------------------------------------------------------------------
If I try to ping
$ ping llthw.common-lisp.dev
ping: cannot resolve llthw.common-lisp.dev: Unknown host

------------------------------------------------------------------------
Interfaces > Diagnostics > DNS Lookup
And if I run a DNS lookup from my OPNsense box not surprisingly returns
nothing

------------------------------------------------------------------------
System > Settings > General
No DNS entered and these are all unchecked:
- Allow DNS server list to be overridden by DHCP/PPP on WAN
- Do not use the local DNS service as a nameserver for this system
- Allow default gateway switching

Services > Unbound DNS General:
Pretty much out of the box setup.
√ Enable DNSSEC Support
√ Flush DNS cache during reload

DNS over TLS:
 HOST                          IP  PORT  VERIFY SN         
------------------------------------------------------------
 Cloudflare               1.1.1.1   853  cloudflare-dns.com
                          1.0.0.1                           
             2606:4700:4700::1111                           
             2606:4700:4700::1001                           

Blocklist:
√ enabled
Whitelist Domains
- www.llthw.common-lisp.dev

------------------------------------------------------------------------
Log file:
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving get-bx.g.aaplimg.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: 192.168.1.106 get-bx.g.aaplimg.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: query response was ANSWER
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: response for gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: Verified that unsigned response is INSECURE
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: NSEC3s for the referral proved no DS.
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was nodata ANSWER
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for aaplimg.com. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: query response was CNAME
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: response for gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving aaplimg.com. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: Verified that unsigned response is INSECURE
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: NSEC3s for the referral proved no DS.
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was nodata ANSWER
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for akadns.net. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving akadns.net. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: validated DNSKEY net. DNSKEY IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving net. DNSKEY IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: validated DS net. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: Verified that unsigned response is INSECURE
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: NSEC3s for the referral proved no DS.
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was nodata ANSWER
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for apple.com. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving apple.com. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was nodata ANSWER
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was CNAME
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was CNAME
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was CNAME
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was CNAME
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: 192.168.1.106 gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: 192.168.1.106 gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: Could not establish a chain of trust to keys for resolver.arpa. DNSKEY IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: reply from <.> 1.1.1.1#853
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: validation success llthw.common-lisp.dev. A IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: validate(nxdomain): sec_status_secure
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: validated DNSKEY dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: query response was ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: response for dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: validation success llthw.common-lisp.dev. HTTPS IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: validate(nxdomain): sec_status_secure
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: validated DNSKEY dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: query response was ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: response for dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: resolving dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: validated DS dev. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: response for llthw.common-lisp.dev. A IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: resolving dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: validated DS dev. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: response for llthw.common-lisp.dev. HTTPS IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: validated DNSKEY arpa. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: resolving arpa. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: validated DS arpa. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: query response was ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: response for _dns.resolver.arpa. SVCB IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: resolving llthw.common-lisp.dev. A IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: resolving _dns.resolver.arpa. SVCB IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: resolving llthw.common-lisp.dev. HTTPS IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: 192.168.1.11 _dns.resolver.arpa. SVCB IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: 192.168.1.11 llthw.common-lisp.dev. A IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: 192.168.1.11 llthw.common-lisp.dev. HTTPS IN
« Last Edit: January 11, 2023, 11:40:56 pm by cynicalApples7 »
Logged

cynicalApples7

  • Newbie
  • *
  • Posts: 16
  • Karma: 0
    • View Profile
Re: [Unbound DNS] Tips on why a domain won't resolve
« Reply #1 on: January 12, 2023, 10:03:38 pm »
Today it works. I have done nothing the setup. Confusing.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • [Unbound DNS] Tips on why a domain won't resolve
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2