Yeah something has to be amiss on my end… Something has changed with my Unbound server… the number of CNAME’s available using DIG or DELV has changed recently… I started looking at this because since I did the updates a week or so ago including, the new DNS list for pihole, I started to get errors like this on my wife’s devices and mine (Cell phone calls dropped and services hanging or not working at all-IE Texts and images sent)-
2022-04-25 10:47:51 A iphone-ld.origin-apple.com.akadns.net SamanthasiPhone.HSSTnet Blocked (external, NULL) IP (2.5ms)
The Blocked (external, NULL)
was the only thing blocked by pihole. Turns out it was the upstream server (IE- Unbound) throwing that error back at Pi-hole. This means my previous conclusion that using DNSmasq on OPNsense Firewall was disabling the ability to filter pihole add lists by clients. That option on pihole is working fine. I just updated my root
list for unbound but the number of CNAME records was the same as before (but not like the FIRST time I did it.
Heres a comparison of delv
to check recursive resolver via unbound on the local device-
First Time (Initial Install)
**delv** [ **@127** ](http://twitter.com/127) **.0.0.1 -p 50053 internetsociety.org A +rtrace +multiline**
;; fetch: internetsociety.org/A
;; fetch: internetsociety.org/DNSKEY
;; fetch: internetsociety.org/DS
;; fetch: org/DNSKEY
;; fetch: org/DS
;; fetch: ./DNSKEY
; fully validated
internetsociety.org. 300 IN A 104.18.16.166
internetsociety.org. 300 IN A 104.18.17.166
internetsociety.org. 300 IN RRSIG A 13 2 300 (
20210418094324 20210416074324 34505 internetsociety.org.
vSNyWVP0EivHHRAyiqvwJqV+5N2FgUlrBq++xzsmdafn
4zhz4CGuIBWbljDSxD2bmJYDFxfHOtR9QDX9YEHc2Q== )
Current state
delv @127.0.0.1 -p 50053 internetsociety.org A +rtrace +multiline
;; fetch: internetsociety.org/A
;; fetch: internetsociety.org/DNSKEY
;; fetch: internetsociety.org/DS
;; fetch: org/DNSKEY
;; fetch: org/DS
;; fetch: ./DNSKEY
; fully validated
internetsociety.org. 30 IN A 104.18.16.166
internetsociety.org. 30 IN A 104.18.17.166
internetsociety.org. 30 IN RRSIG A 13 2 300 (
20220427171934 20220425151934 34505 internetsociety.org.
QRBk5o15H7JrPu39j3U0cRMAVlV76aCUcjh9ZziKlDSk
8adBwoFU/iyeOAvZVPtS39zAdteZ/iQw5LOQG0W2Dw== )
It looks like the number of reference records dropped from 300 to 30!
Is this something to worry about? I dunno it’s just something I noticed as different.
I’m (for shits and giggles) going to revert pihole and reset the clients lists to see what happens at home. It may be just too strict a list. I was able to fix my phone…
Never mind I’m still left with why the wife’s phone would still be messing up if I can see the query log isn’t forcing the phone to use the pihole filters and is only populating errors with Blocked (external, NULL)
I just refreshed my root.hints
file using
wget https://www.internic.net/domain/named.root -O /etc/unbound/root.hints
the restarted the unbound service. See if I keep getting the NULL errors. I only have unbound as my piholes only upstream DNS.
Anyone have ideas? It is Verizon service…wondering if they still have some bugs they are fixing from their server crash a few days ago.