From: ldo@nz.invalid

On Fri, 14 Feb 2025 15:54:04 +0100, s|b wrote:

https://economie.fgov.be/ (in fact everything *.fgov.be)

https://argenta.be/

https://www.paypal-opladen.be/

Note that Unbound is a DNS service, it doesn’t look up URLs, it looks up domain names.

--- SoupGate-DOS v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

On Sat, 15 Feb 2025 07:05:17 -0000 (UTC), Lawrence D'Oliveiro wrote:

Note that Unbound is a DNS service, it doesn’t look up URLs, it looks up domain names.

I don't see how stating the obvious is helpful.

I've set up Unbound as a recursive DNS server, but that doesn't do
anything to the fact that I can access these sites when I bypass Unbound
by setting another DNS (from my ISP for instance). That makes me think
it's not Pi-Hole or something else, but Unbound (a faulty setting of
mine? or a problem at the other side?) causing the problem. I can see in
the query logs they are getting N/A as reply.

And yet, another user with similar set up could reach these sites. I
already reinstalled and followed all the steps and still the same
problem with those... domains.

--
s|b

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 15 Feb 2025 14:41:51 +0100, s|b wrote:

And yet, another user with similar set up could reach these sites. I
already reinstalled and followed all the steps and still the same
problem with those... domains.

Just read a message on Reddit. Similar problem was solved by unchecking
'Block UDP flood' in the router. Can't find this setting in my TP Link
Archer AX55, but makes me think the router could be the culprit. (?)

--
s|b

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 15 Feb 2025 14:41:51 +0100, s|b wrote:

On Sat, 15 Feb 2025 07:05:17 -0000 (UTC), Lawrence D'Oliveiro wrote:

Note that Unbound is a DNS service, it doesn’t look up URLs, it looks
up domain names.

I don't see how stating the obvious is helpful.

Remember you posted URLs, not simple domain names.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16/02/2025 14:37, s|b wrote:

On Sat, 15 Feb 2025 21:33:21 -0000 (UTC), Lawrence D'Oliveiro wrote:

Remember you posted URLs, not simple domain names.

You're right and that was an error, but the topic clearly says
_domains_. Again, this doesn't help my in any way.

This one is definitely in need of plonking.

*plonk*

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 15 Feb 2025 21:33:21 -0000 (UTC), Lawrence D'Oliveiro wrote:

Remember you posted URLs, not simple domain names.

You're right and that was an error, but the topic clearly says
_domains_. Again, this doesn't help my in any way.

--
s|b

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Anybody running Unbound (and Pi-Hole) on their RPi?

I've been using Pi-Hole on my RPi4 for several years now and a couple
months ago I decided to give Unbound a go. I followed the instructions
as described in https://docs.pi-hole.net/guides/dns/unbound/ and set my
DNS in Pi-Hole to 127.0.0.1#5335 (DNSSEC is unchecked). Everything seems
to work fine, but then I noticed certain domains result in Server Not
Found and the Query Log shows an N/A Reply for these sites.

These are some examples:

https://economie.fgov.be/ (in fact everything *.fgov.be)

https://argenta.be/

https://www.paypal-opladen.be/

The first is a government site, the second a bank and the third a site
to charge a paypal account. I don't know why, I'm not an expert, but
I've got the impression it's not Unbound that is to blame, but the sites themselves (DNSSEC?). I've searched and searched for the N/A problem,
but found no solution.

A Reddit user with Pi-Hole and Unbound could reach these sites without a problem. I've started with a fresh image (with Pi-Hole installed) and reinstalled Unbound, but the problem persists.

Pi-Hole is running under Bookworm (latest updates)
Pi-hole v5.18.4 FTL v5.25.2 Web Interface v5.21

--
s|b

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 14 Feb 2025 15:54:04 +0100, s|b wrote:

I've been using Pi-Hole on my RPi4 for several years now and a couple
months ago I decided to give Unbound a go. I followed the instructions
as described in https://docs.pi-hole.net/guides/dns/unbound/ and set my
DNS in Pi-Hole to 127.0.0.1#5335 (DNSSEC is unchecked). Everything seems
to work fine, but then I noticed certain domains result in Server Not
Found and the Query Log shows an N/A Reply for these sites.

That problem seems to be solved. I forgot to mention I was (am) working
behind a double NAT. My ISP's modem (crippled; very few options) and my
own router (more options). Yesterday, I tested a fresh install
(Bookworm, Pi-Hole & Unbound) on an RPi4 on a network with the same
modem (same ISP), but directly connected to the modem. Those domains
could be reached without a problem.

I now have some options :switching my ISP's modem with a Fritz!Box or
switching the modem with another one my ISP offers, one that can be used
in Bridge Mode. Unfortunately, I just found out my router (TP-Link
Archer AX55) that I just bought doesn't support Bridge Mode. So I would
have to buy a new router, an AP with at least one extra Ethernet port
and a 30 m cable.

I decided to give this a pass and have chosen Cloudflare (DNSSEC) to be Pi-Hole's DNS. Too bad about Unbound... (My ISP blocks port 53, so portforwarding wasn't an option either.)

--
s|b

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)