Unbound Unbound suddenly not resolving certian domains!

[dave14305]

I thought unbound bypasses ISP for DNS?

It bypasses your ISP’s DNS servers, but you still must send your Unbound DNS queries through your ISP’s network.

 

[Khadanja]

It bypasses your ISP’s DNS servers, but you still must send your Unbound DNS queries through your ISP’s network.

So if you use CLoudflare DNS set up on the router or your phone, your queries don't go though ISP?

 

[Jumpstarter]

Works if I do this. How to add multiple domains? Also, why does it work this way? If my ISP is blocking it, I thought unbound bypasses ISP for DNS?

Khadanja, they probably are blocking your ISP ASN, in which case even your IP would be blocked. This isn't something you can control. When you are using unbound recursively, YOU meaning you and your IP are your own DNS server. Using your hostname. When you access it using the forward method, you are asking those servers to tell you about that domain.

forward-zone:#DoT # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support
name: "nest.gq" <<------ this part says we want unbound to ask the servers below for information about this domain, thus skipping your ISP's network.
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net

 

[Jumpstarter]

Works if I do this. How to add multiple domains? Also, why does it work this way? If my ISP is blocking it, I thought unbound bypasses ISP for DNS?

You could also make sure you are not country blocking with skynet. This has been known to cause issues when using unbound root servers.

 

[Khadanja]

You could also make sure you are not country blocking with skynet. This has been known to cause issues when using unbound root servers.

not blocking any country. How to add multiple domain in forward zone? Tried but unbond complaining about duplicate forward-tls-upstream & forward-zone#DoT

 

[Jumpstarter]

not blocking any country. How to add multiple domain in forward zone? Tried but unbond complaining about duplicate forward-tls-upstream & forward-zone#DoT

after the first forward arguement only start with name.

e.g.

forward-zone:#DoT # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support ##only put this argument once.
name: "nest.gq" <<------ this part says we want unbound to ask the servers below for information about this domain, thus skipping your ISP's network.
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net

name: "some.other.site.com"

 

[Khadanja]

tried that

after the first forward arguement only start with name.

e.g.

forward-zone:#DoT # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support ##only put this argument once.
name: "nest.gq" <<------ this part says we want unbound to ask the servers below for information about this domain, thus skipping your ISP's network.
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net

name: "some.other.site.com"

& now getting /opt/var/lib/unbound/unbound.conf:192: error: forward name override, there must be one name for one forward-zone

 

[Jumpstarter]

tried that

& now getting /opt/var/lib/unbound/unbound.conf:192: error: forward name override, there must be one name for one forward-zone

so apparently you have to do them all individually.

forward-zone:#DoT # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support
name: "nest.gq" <<------ this part says we want unbound to ask the servers below for information about this domain, thus skipping your ISP's network.
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net

forward-zone:
name: "some.other.site.com"
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net

Which means you have to repeat the same arguements for each one.

 

[Khadanja]

so apparently you have to do them all individually.

forward-zone:#DoT # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support
name: "nest.gq" <<------ this part says we want unbound to ask the servers below for information about this domain, thus skipping your ISP's network.
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net

forward-zone:
name: "some.other.site.com"
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net

Which means you have to repeat the same arguements for each one.

Tried that already exactly like you have typed but get this error -
***ERROR unbound configuration contains DUPLICATES - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file
4 forward-tls-upstream:
3 forward-zone:

 

[Jumpstarter]

Tried that already exactly like you have typed but get this error -
***ERROR unbound configuration contains DUPLICATES - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file
4 forward-tls-upstream:
3 forward-zone:

the real question is, IS this a legit unbound error, or one generated by unbound manager?

 

[Jumpstarter]

Tried that already exactly like you have typed but get this error -
***ERROR unbound configuration contains DUPLICATES - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file
4 forward-tls-upstream:
3 forward-zone:

I am able to run multiple forwardzones in all my unbound configurations. Even the one above. maybe @Martineau could explain this limitation in his manager.

 

[Khadanja]

In my unbound.conf file another zone Stubby is commented out which suggests that multiple should work.
##########################################
#forward-zone:#Stubby # v1.08 Add #Stubby edit marker
#name: "."
#forward-addr: 127.0.1.1@5453
#forward-addr: 0::1@5453 # integration IPV6
#########################################
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # v1.05 Martineau
forward-zone:#DoT # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support
name: "nest.gq"

 

[Jumpstarter]

In my unbound.conf file another zone Stubby is commented out which suggests that multiple should work.
##########################################
#forward-zone:#Stubby # v1.08 Add #Stubby edit marker
#name: "."
#forward-addr: 127.0.1.1@5453
#forward-addr: 0::1@5453 # integration IPV6
#########################################
#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # v1.05 Martineau
forward-zone:#DoT # v1.08 Add #DoT edit marker v1.05 DNS-Over-TLS support
name: "nest.gq"

You could make a separate include file which should be impervious to the scripts forward zone check.

 

[Khadanja]

Create a separate .conf file and just add the forward zones there and then include it in the mail .conf file?

You could make a separate include file which should be impervious to the scripts forward zone check.

 

[Jumpstarter]

Create a separate .conf file and just add the forward zones there and then include it in the mail .conf file?

Bingo.

 

[Khadanja]

Bingo.

Worked!!!! Thanks!! I am hosting AdGuard on ad.nest.gq & using it on my iPhone by creating a custom profile for DoH when connected to mobile data but that won't work anymore . Most likely my ISP has started blocking all these .gq, .ml free domains for whatever reason.

 

[Khadanja]

@Jumpstarter Looks like there was a problem with my ISP's certain DNS server as yesterday I could resolve it using another DNS server of my ISP on mobile and some others with same ISP could resolve it but some couldn't. It seems to be ok now on mobile, will test on home broadband by removing the forward-zone.

 

[Khadanja]

Working fine after removing the forward-zone too