-
-
Notifications
You must be signed in to change notification settings - Fork 330
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to resolve .eu TLD #1044
Comments
From looking at the logs, it seems that the issue is that Unbound is configured to DNSSEC validate. The .eu DNSKEY is too large to fit in a UDP response. UDP responses work fine, but the TCP response fails with a timeout. This happens again and again, until you give up. Perhaps the firewall is set to allow UDP but not TCP traffic? TCP traffic does not get answers, and this is why the resolution fails, it works but the DNSSEC verification fails to fetch the .eu DNSKEY RRset because it is large and needs to use TCP for transport, and TCP traffic fails with timeout. Unbound tries several of the upstream forwarders that are configured. |
Well, disabling DNSSEC validation per this page in the docs does in fact make it work again. I also tried disabling all rules in iptables and the firewall on my modem, neither seemed to matter. I also have no trouble setting up any other TCP connections, and it seems to be relatively recent development (it started around the beginning of this week). Do you know if there's a reliable way to test if this is a firewall issue of some kind? |
Supposedly when Unbound makes a TCP connection, this is very similar to performing a |
|
If it works like that then why can Unbound not do it? It is really doing the same thing; unless you use configuration options like outgoing-interface, or socket options, or TLS settings. |
Describe the bug
Unbound is unable to resolve domains for the .eu TLD. The dig command fails with timeouts. It works fine for other TLDs but not for any .eu-domain that I tested.
To reproduce
Steps to reproduce the behavior:
Expected behavior
A proper result instead of a timeout.
System:
unbound -V
output:Additional information
I'm running on a Raspberry Pi. This is the command output when testing:
This was the log produced:
unbound.log
Relevant config files (uploaded as .txt because github doesn't like .conf):
unbound.conf.txt
pi-hole.conf.txt
resolvconf_resolvers.conf.txt
remote-control.conf.txt
root-auto-trust-anchor-file.conf.txt
The text was updated successfully, but these errors were encountered: