I have an Unbound container running on a test server to proxy DNS traffic. The problem is that it fails for some domains while working perfectly for everything else.

This is a response for a failed domain using dig:

dig @127.0.0.1 mail.protonmail.com

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @127.0.0.1 mail.protonmail.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24960
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mail.protonmail.com.       IN  A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 01 11:56:23 UTC 2021
;; MSG SIZE  rcvd: 48

Looking at the logs I get a few interesting bits:

info: resolving mail.protonmail.com. A IN
info: error sending query to auth server 2001:503:39c1::30 port 53
info: error sending query to auth server 2001:503:a83e::2:30 port 53
info: error sending query to auth server 2001:502:7094::30 port 53
info: error sending query to auth server 2001:503:39c1::30 port 53
info: resolving com. DNSKEY IN
info: response for mail.protonmail.com. A IN
info: reply from <com.> 192.35.51.30#53
info: query response was REFERRAL
info: resolving ns3.protonmail.com. AAAA IN
info: resolving ns2.protonmail.com. AAAA IN
info: resolving protonmail.com. DNSKEY IN
info: resolving ns1.protonmail.com. AAAA IN
info: response for ns3.protonmail.com. AAAA IN
info: reply from <protonmail.com.> 3.127.12.149#53
info: query response was ANSWER
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
info: response for mail.protonmail.com. A IN
info: reply from <protonmail.com.> 185.70.40.19#53
info: query response was ANSWER
info: validated DS protonmail.com. DS IN
info: response for ns2.protonmail.com. AAAA IN
info: reply from <protonmail.com.> 185.70.41.19#53
info: query response was ANSWER
info: response for ns1.protonmail.com. AAAA IN
info: reply from <protonmail.com.> 185.70.41.19#53
info: query response was ANSWER
info: response for ns3.protonmail.com. AAAA IN
info: reply from <protonmail.com.> 185.70.41.19#53
info: query response was nodata ANSWER
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
info: response for ns2.protonmail.com. AAAA IN
info: reply from <protonmail.com.> 185.70.41.19#53
info: query response was nodata ANSWER
info: response for ns1.protonmail.com. AAAA IN
info: reply from <protonmail.com.> 185.70.40.19#53
info: query response was nodata ANSWER
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
info: resolving ns2.protonmail.com. AAAA IN
info: resolving protonmail.com. DNSKEY IN
info: response for protonmail.com. DNSKEY IN
info: reply from <com.> 192.48.79.30#53
info: query response was REFERRAL
info: resolving ns3.protonmail.com. AAAA IN
info: resolving ns2.protonmail.com. AAAA IN
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
info: resolving ns1.protonmail.com. AAAA IN
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
info: resolving ns3.protonmail.com. AAAA IN
info: resolving ns3.protonmail.com. A IN
info: error sending query to auth server 2001:502:7094::30 port 53
info: response for ns3.protonmail.com. AAAA IN
info: reply from <com.> 192.41.162.30#53
info: query response was REFERRAL
info: resolving ns1.protonmail.com. AAAA IN
info: response for ns3.protonmail.com. A IN
info: reply from <com.> 192.31.80.30#53
info: query response was REFERRAL
info: resolving ns2.protonmail.com. AAAA IN
info: response for ns3.protonmail.com. AAAA IN
info: reply from <protonmail.com.> 185.70.41.19#53
info: query response was nodata ANSWER
info: response for ns3.protonmail.com. A IN
info: reply from <protonmail.com.> 185.70.40.19#53
info: query response was ANSWER
info: resolving ns2.protonmail.com. AAAA IN
info: error sending query to auth server 2001:500:d937::30 port 53
info: resolving ns2.protonmail.com. A IN
info: response for ns2.protonmail.com. A IN
info: reply from <com.> 192.43.172.30#53
info: query response was REFERRAL
info: response for ns2.protonmail.com. AAAA IN
info: reply from <com.> 192.43.172.30#53
info: query response was REFERRAL
info: response for ns2.protonmail.com. AAAA IN
info: reply from <protonmail.com.> 3.127.12.149#53
info: query response was nodata ANSWER
info: response for ns2.protonmail.com. A IN
info: reply from <protonmail.com.> 185.70.40.19#53
info: query response was ANSWER
info: resolving ns1.protonmail.com. AAAA IN
info: resolving ns1.protonmail.com. A IN
info: error sending query to auth server 2001:503:d2d::30 port 53
info: error sending query to auth server 2001:500:d937::30 port 53
info: error sending query to auth server 2001:503:eea3::30 port 53
info: error sending query to auth server 2001:501:b1f9::30 port 53
info: response for ns1.protonmail.com. A IN
info: reply from <com.> 192.43.172.30#53
info: query response was REFERRAL
info: response for ns1.protonmail.com. AAAA IN
info: reply from <com.> 192.55.83.30#53
info: query response was REFERRAL
info: response for ns1.protonmail.com. AAAA IN
info: reply from <protonmail.com.> 3.127.12.149#53
info: query response was nodata ANSWER
info: response for ns1.protonmail.com. A IN
info: reply from <protonmail.com.> 185.70.40.19#53
info: query response was ANSWER
info: Missing DNSKEY RRset in response to DNSKEY query.
info: resolving protonmail.com. DNSKEY IN
info: resolving ns2.protonmail.com. AAAA IN
info: resolving ns3.protonmail.com. AAAA IN
info: resolving ns1.protonmail.com. AAAA IN
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
info: Missing DNSKEY RRset in response to DNSKEY query.
info: resolving protonmail.com. DNSKEY IN
info: resolving ns2.protonmail.com. AAAA IN
info: resolving ns3.protonmail.com. AAAA IN
info: resolving ns1.protonmail.com. AAAA IN
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
info: Missing DNSKEY RRset in response to DNSKEY query.
info: resolving protonmail.com. DNSKEY IN
info: resolving ns2.protonmail.com. AAAA IN
info: resolving ns3.protonmail.com. AAAA IN
info: resolving ns1.protonmail.com. AAAA IN
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
info: Missing DNSKEY RRset in response to DNSKEY query.
info: resolving protonmail.com. DNSKEY IN
info: resolving ns2.protonmail.com. AAAA IN
info: resolving ns3.protonmail.com. AAAA IN
info: resolving ns1.protonmail.com. AAAA IN
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
info: Missing DNSKEY RRset in response to DNSKEY query.
info: resolving protonmail.com. DNSKEY IN
info: resolving ns2.protonmail.com. AAAA IN
info: resolving ns3.protonmail.com. AAAA IN
info: resolving ns1.protonmail.com. AAAA IN
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.40.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
info: **Missing DNSKEY RRset in response to DNSKEY query.**
info: **Could not establish a chain of trust to keys for protonmail.com. DNSKEY IN**

Unbound is running inside a docker container and it is synced with the host in terms of local time (was initially unsynced but I thought I should try and see if the bug is there).

Unbound config:

server:
    cache-max-ttl: 86400
    cache-min-ttl: 300
    directory: "/opt/unbound/etc/unbound"
    edns-buffer-size: 1232
    interface: 0.0.0.0@53
    rrset-roundrobin: yes
    username: "_unbound"
    log-local-actions: no
    log-queries: no
    log-replies: no
    log-servfail: no
    logfile: /var/log/unbound.log
    verbosity: 2
    aggressive-nsec: yes
    delay-close: 10000
    do-daemonize: no
    do-not-query-localhost: no
    neg-cache-size: 4M
    qname-minimisation: yes
    access-control: 127.0.0.1/32 allow
    access-control: 192.168.0.0/16 allow
    access-control: 172.16.0.0/12 allow
    access-control: 10.0.0.0/8 allow
    auto-trust-anchor-file: "var/root.key"
    chroot: "/opt/unbound/etc/unbound"
    deny-any: yes
    harden-algo-downgrade: yes
    harden-below-nxdomain: yes
    harden-dnssec-stripped: yes
    harden-glue: yes
    harden-large-queries: yes
    harden-referral-path: no
    harden-short-bufsize: yes
    hide-identity: yes
    hide-version: yes
    identity: "foo"
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    private-address: ::ffff:0:0/96
    ratelimit: 1000
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
    unwanted-reply-threshold: 10000
    use-caps-for-id: no
    val-clean-additional: yes
    infra-cache-slabs: 2
    incoming-num-tcp: 10
    key-cache-slabs: 2
    msg-cache-size: 275724970
    msg-cache-slabs: 2
    num-queries-per-thread: 4096
    num-threads: 1
    outgoing-range: 8192
    rrset-cache-size: 551449941
    rrset-cache-slabs: 2
    minimal-responses: yes
    prefetch: yes
    prefetch-key: yes
    serve-expired: yes
    so-reuseport: yes
remote-control:
    control-enable: no

Any ideas?

EDIT: If I run the same container on my PC – the query works so I’m guessing it’s some sort of server config on the docker host

Answers


  1. Your problem lies with these lines most likely:

    error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
    error: tcp sendmsg: Operation not supported for 185.70.41.19 port 53
    error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
    error: tcp sendmsg: Operation not supported for 3.127.12.149 port 53
    

    This indicates that your DNS server is failing to send DNS over TCP queries outbound, which is required for talking to any DNS servers that are returning DNS responses with the TC (truncated) bit set, indicating it needed to send more data than would fit in the response [warning: leaving out lots of details about how this is decided at the server side]. Because your DNS resolver is validating the queries with DNSSEC (which ideally you want), it's not surprising that some of the responses are large and require TCP (DNSKEYs are large to transfer).

    Solutions in order of preference:

    1. Fix outbound TCP on either/both the host or docker container
    2. Increase the edns-buffer-size: 1232 to something like 4096. This will cause fragmented UDP packets, but it at least may work for you. 1232 is a better value ideally, but if you can’t fix TCP this may be the only option
    3. Turn off DNSSEC validation. You can do this by setting the module-config: "iterator" option in the config file, but then you lose the security support that DNSSEC offers you.
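The UDP-to-TCP fallback described in the answer above, as an added Python example (not code from the post or from Unbound): it builds a DNSKEY query advertising a 1232-byte EDNS buffer with the DO bit set, checks a reply for the TC bit, and frames the retry for TCP. All function names are hypothetical, the truncated reply is constructed inline, and `resolve()` needs network access, so it is defined but not called.

```python
import secrets
import socket
import struct

TYPE_DNSKEY, TYPE_OPT = 48, 41
FLAG_QR, FLAG_TC, FLAG_RD = 0x8000, 0x0200, 0x0100
EDNS_DO = 0x8000          # "DNSSEC OK" bit inside the OPT record's TTL field
OPT_RR_LEN = 11           # root name (1) + type, class, ttl, rdlen (10)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, qid, bufsize=1232, dnssec_ok=True):
    """Build a query with an EDNS0 OPT record; CLASS carries the UDP buffer size."""
    header = struct.pack("!HHHHHH", qid, FLAG_RD, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    ttl = EDNS_DO if dnssec_ok else 0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, ttl, 0)
    return header + question + opt

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "ancount": ancount}

def next_step(query, reply):
    """What a resolver does with a UDP reply: discard, accept, or retry over TCP."""
    q, r = parse_header(query), parse_header(reply)
    if not r["qr"] or r["id"] != q["id"]:
        return "discard"
    return "retry-over-tcp" if r["tc"] else "accept"

def tcp_frame(msg):
    """DNS over TCP prefixes every message with its length as two bytes."""
    return struct.pack("!H", len(msg)) + msg

def constructed_truncated_reply(query):
    """Constructed sample: the reply a server sends when the answer does not fit."""
    qid, flags = struct.unpack("!HH", query[:4])
    question = query[12:len(query) - OPT_RR_LEN]
    header = struct.pack("!HHHHHH", qid, flags | FLAG_QR | FLAG_TC, 1, 0, 0, 0)
    return header + question

def resolve(server, name, qtype=TYPE_DNSKEY, timeout=3.0):
    """Live lookup with fallback. If outbound TCP is broken, the second leg raises
    OSError, which is the condition behind the 'tcp sendmsg' lines in the log."""
    query = build_query(name, qtype, qid=secrets.randbelow(65536))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        reply, _ = udp.recvfrom(4096)
    if next_step(query, reply) != "retry-over-tcp":
        return "udp", reply
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(tcp_frame(query))
        rfile = tcp.makefile("rb")
        (length,) = struct.unpack("!H", rfile.read(2))
        return "tcp", rfile.read(length)
```

Running `resolve()` from inside the container and again from the Docker host against the same authoritative server shows which of the two cannot complete the TCP leg.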
  2. 1. DNS Flag Day 2020 edns-buffer-size: 1232

    2. Need to add forward-zone:

    #legend:
    # N   : place number in the test
    # TO  : timeout count
    # #!  : speedup parameter
    forward-zone:   
    
    # Forward all queries (except those in cache and local zone) to 
    # upstream recursive servers    
    name: "."   
    # Queries to this forward zone use TLS  
    # forward-tls-upstream: no  
    
    forward-first: yes
    #!  the forward-no-cache parameter with a value of no reduced the address issuance time to zero!
    forward-no-cache: no
    
    #time:1ms;TTL:system;
    #   google-250-set.1    ;Avg.ms:156.58;Min.ms:0.5;Max.ms:1350.6;
    #   cachehit-250-set.1  N:1;Avg.ms:0.67;Min.ms:0.6;Max.ms:1.3;
    forward-addr: 127.0.0.1
    # ...........................................................................
    #           AU;US;CLOUDFLARENETUS (Cloudflare DNS)
    # ...........................................................................
    #   ru: Standard
    #   en: Regular
    # ....
    #   cachehit-250-set.1  N:24;Avg.ms:74.14;Min.ms:3.8;Max.ms:3500.0;TO:5
    #   time:3ms;TTL:56;
    #   URL:    one.one.one.one
    forward-addr: 1.0.0.1
    #   cachehit-250-set.1  N:31;Avg.ms:93.37;Min.ms:37.2;Max.ms:3500.0;TO:4
    #   time:36ms;TTL:56;
    #   URL:    one.one.one.one 
    #        forward-addr: 1.1.1.1
    
    # ...........................................................................
    #           DE;EU;CWVodafoneGroupPLC
    # ...........................................................................
    #   name:   Cable & Wireless DE
    #   cachehit-250-set.1  N:7;Avg.ms:22.03;Min.ms:21.4;Max.ms:23.0;
    #   20ms;TTL:58;
    #   URL:     euro-cns1.cw.net
    forward-addr: 141.1.27.249
    #20ms;TTL:58;
    forward-addr: 195.27.1.1
    #   name:   Cable & Wireless DE-3
    #   cachehit-250-set.1  N:8;Avg.ms:22.05;Min.ms:21.3;Max.ms:24.1;
    #21ms;TTL:58;
    #   URL:     cns1.cw.net
    forward-addr: 141.1.1.1
    # ...........................................................................
    #           US;DYNDNS
    #@  Planned shutdown on May 31, 2022
    # ...........................................................................
    #   name: DynGuide-2
    #   cachehit-250-set.1  N:11;Avg.ms:41.36;Min.ms:9.4;Max.ms:45.2;
    # time:43ms;TTL:53;
    #   URL:     rdns.dynect.net
    forward-addr: 216.146.36.36
    # ...........................................................................
    #           US;Google DNS
    # ...........................................................................
    #   name:   Google Public DNS-2
    #   cachehit-250-set.1  N:10;Avg.ms:31.83;Min.ms:14.9;Max.ms:3500.0;TO:1
    #   time:19ms;TTL:107;
    #   URL:    dns.google
        forward-addr: 8.8.4.4
    #
    #   name:   Google Public DNS
    # warn: Slower replica of Google Public DNS-2 [8.8.4.4]
    #   cachehit-250-set.1  N:39;Avg.ms:647.68;Min.ms:19.0;Max.ms:NA;TO:17
    #   time:14ms;TTL:59;
    #   URL:    dns.google.
        forward-addr: 8.8.8.8
    
