Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strange issue - not sure how to fix

    Scheduled Pinned Locked Moved General pfSense Questions
    93 Posts 3 Posters 17.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfguy2018
      last edited by

      Here is the port 53 UDP traffic when running the dig feedly.com +trace command

      09:51:27.591255 IP 72.246.46.129.53 > xxx.xxx.xxx.xxx.22371: UDP, length 63
09:51:27.592186 IP xxx.xxx.xxx.xxx.13656 > 23.61.199.64.53: UDP, length 44
09:51:27.596218 IP 192.5.5.241.53 > xxx.xxx.xxx.xxx.17958: UDP, length 786
09:51:27.596325 IP 199.19.56.1.53 > xxx.xxx.xxx.xxx.51001: UDP, length 1021
09:51:27.596694 IP xxx.xxx.xxx.xxx.28502 > 43.230.48.1.53: UDP, length 34
09:51:27.597226 IP xxx.xxx.xxx.xxx.54324 > 2.16.130.131.53: UDP, length 47
09:51:27.598180 IP 84.53.139.66.53 > xxx.xxx.xxx.xxx.17594: UDP, length 113
09:51:27.598532 IP xxx.xxx.xxx.xxx.50451 > 23.211.132.65.53: UDP, length 54
09:51:27.602183 IP 23.211.133.131.53 > xxx.xxx.xxx.xxx.61509: UDP, length 62
09:51:27.602257 IP 184.26.161.130.53 > xxx.xxx.xxx.xxx.19037: UDP, length 63
09:51:27.604184 IP 217.160.81.195.53 > xxx.xxx.xxx.xxx.27810: UDP, length 62
09:51:27.605758 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.36489: UDP, length 62
09:51:27.605868 IP 192.41.162.30.53 > xxx.xxx.xxx.xxx.37184: UDP, length 745
09:51:27.606422 IP xxx.xxx.xxx.xxx.28094 > 217.160.82.194.53: UDP, length 46
09:51:27.606709 IP xxx.xxx.xxx.xxx.42365 > 217.160.81.195.53: UDP, length 46
09:51:27.607408 IP 192.42.93.30.53 > xxx.xxx.xxx.xxx.64205: UDP, length 1374
09:51:27.608006 IP xxx.xxx.xxx.xxx.10823 > 199.7.91.13.53: UDP, length 47
09:51:27.608960 IP 96.7.49.129.53 > xxx.xxx.xxx.xxx.29227: UDP, length 109
09:51:27.609059 IP 193.108.88.128.53 > xxx.xxx.xxx.xxx.24107: UDP, length 116
09:51:27.609384 IP xxx.xxx.xxx.xxx.58014 > 2.22.230.130.53: UDP, length 65
09:51:27.610087 IP xxx.xxx.xxx.xxx.29106 > 193.108.88.128.53: UDP, length 58
09:51:27.610604 IP 199.249.112.1.53 > xxx.xxx.xxx.xxx.24105: UDP, length 1021
09:51:27.611073 IP xxx.xxx.xxx.xxx.59245 > 2.16.130.131.53: UDP, length 47
09:51:27.612161 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.4652: UDP, length 62
09:51:27.612257 IP 23.74.25.128.53 > xxx.xxx.xxx.xxx.35281: UDP, length 63
09:51:27.612334 IP 95.100.168.128.53 > xxx.xxx.xxx.xxx.35288: UDP, length 63
09:51:27.614307 IP 216.239.34.10.53 > xxx.xxx.xxx.xxx.56661: UDP, length 64
09:51:27.615835 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.30538: UDP, length 62
09:51:27.615934 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.29119: UDP, length 62
09:51:27.616010 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.26764: UDP, length 62
09:51:27.616110 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.35771: UDP, length 62
09:51:27.616185 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.32909: UDP, length 62
09:51:27.617363 IP 217.160.81.195.53 > xxx.xxx.xxx.xxx.21281: UDP, length 62
09:51:27.617460 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.13681: UDP, length 62
09:51:27.626193 IP 216.239.34.10.53 > xxx.xxx.xxx.xxx.48475: UDP, length 71
09:51:27.630169 IP 23.211.132.65.53 > xxx.xxx.xxx.xxx.50451: UDP, length 113
09:51:27.630273 IP 81.91.164.5.53 > xxx.xxx.xxx.xxx.47478: UDP, length 691
09:51:27.630882 IP xxx.xxx.xxx.xxx.29570 > 217.160.80.193.53: UDP, length 45
09:51:27.630885 IP xxx.xxx.xxx.xxx.42631 > 95.100.168.130.53: UDP, length 51
09:51:27.631227 IP xxx.xxx.xxx.xxx.24142 > 217.160.81.196.53: UDP, length 45
09:51:27.631510 IP xxx.xxx.xxx.xxx.48389 > 217.160.82.194.53: UDP, length 45
09:51:27.631761 IP xxx.xxx.xxx.xxx.35040 > 217.160.80.193.53: UDP, length 45
09:51:27.634252 IP 199.7.91.13.53 > xxx.xxx.xxx.xxx.10823: UDP, length 825
09:51:27.636334 IP xxx.xxx.xxx.xxx.10416 > 192.112.36.4.53: UDP, length 47
09:51:27.637532 IP 77.67.63.105.53 > xxx.xxx.xxx.xxx.45244: UDP, length 691
09:51:27.637936 IP xxx.xxx.xxx.xxx.56311 > 217.160.80.193.53: UDP, length 45
09:51:27.638203 IP xxx.xxx.xxx.xxx.49832 > 217.160.82.195.53: UDP, length 45
09:51:27.638558 IP xxx.xxx.xxx.xxx.45100 > 217.160.80.193.53: UDP, length 45
09:51:27.638841 IP xxx.xxx.xxx.xxx.40751 > 217.160.81.196.53: UDP, length 45
09:51:27.639090 IP xxx.xxx.xxx.xxx.15400 > 217.160.80.193.53: UDP, length 45
09:51:27.640279 IP 192.33.14.30.53 > xxx.xxx.xxx.xxx.54683: UDP, length 861
09:51:27.640641 IP xxx.xxx.xxx.xxx.42994 > 205.251.193.222.53: UDP, length 49
09:51:27.641838 IP 23.61.199.64.53 > xxx.xxx.xxx.xxx.13656: UDP, length 75
09:51:27.642357 IP xxx.xxx.xxx.xxx.50850 > 23.211.133.65.53: UDP, length 57
09:51:27.643439 IP 217.160.81.195.53 > xxx.xxx.xxx.xxx.42365: UDP, length 62
09:51:27.643538 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.28094: UDP, length 62
09:51:27.651518 IP 193.108.88.128.53 > xxx.xxx.xxx.xxx.6554: UDP, length 119
09:51:27.651878 IP xxx.xxx.xxx.xxx.18779 > 2.22.230.130.53: UDP, length 63
09:51:27.652855 IP 192.55.83.30.53 > xxx.xxx.xxx.xxx.30344: UDP, length 860
09:51:27.653222 IP xxx.xxx.xxx.xxx.60974 > 205.251.192.36.53: UDP, length 49
09:51:27.654541 IP 96.7.50.128.53 > xxx.xxx.xxx.xxx.20917: UDP, length 62
09:51:27.656047 IP 205.251.193.222.53 > xxx.xxx.xxx.xxx.42994: UDP, length 335
09:51:27.656517 IP xxx.xxx.xxx.xxx.59577 > 205.251.194.236.53: UDP, length 61
09:51:27.656820 IP xxx.xxx.xxx.xxx.29228 > 199.249.120.1.53: UDP, length 42
09:51:27.657617 IP 2.22.230.67.53 > xxx.xxx.xxx.xxx.64172: UDP, length 60
09:51:27.660843 IP 95.100.168.130.53 > xxx.xxx.xxx.xxx.42631: UDP, length 78
09:51:27.661332 IP xxx.xxx.xxx.xxx.51498 > 84.53.139.129.53: UDP, length 55
09:51:27.664356 IP 194.146.107.6.53 > xxx.xxx.xxx.xxx.63915: UDP, length 691
09:51:27.664745 IP xxx.xxx.xxx.xxx.7053 > 217.160.80.193.53: UDP, length 45
09:51:27.669345 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.29570: UDP, length 61
09:51:27.670896 IP 23.211.133.65.53 > xxx.xxx.xxx.xxx.50850: UDP, length 93
09:51:27.671397 IP xxx.xxx.xxx.xxx.48083 > 192.55.83.30.53: UDP, length 43
09:51:27.672499 IP 205.251.192.36.53 > xxx.xxx.xxx.xxx.60974: UDP, length 334
09:51:27.672595 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.35040: UDP, length 61
09:51:27.672694 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.48389: UDP, length 61
09:51:27.672771 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.56311: UDP, length 61
09:51:27.672870 IP 217.160.81.196.53 > xxx.xxx.xxx.xxx.24142: UDP, length 61
09:51:27.675649 IP 193.108.88.128.53 > xxx.xxx.xxx.xxx.29106: UDP, length 95
09:51:27.676171 IP xxx.xxx.xxx.xxx.63756 > 2.22.230.65.53: UDP, length 44
09:51:27.679194 IP 217.160.82.195.53 > xxx.xxx.xxx.xxx.49832: UDP, length 61
09:51:27.679295 IP 217.160.81.196.53 > xxx.xxx.xxx.xxx.40751: UDP, length 61
09:51:27.679370 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.45100: UDP, length 61
09:51:27.680771 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.15400: UDP, length 61
09:51:27.682372 IP 2.16.130.131.53 > xxx.xxx.xxx.xxx.8658: UDP, length 63
09:51:27.685197 IP 84.53.139.129.53 > xxx.xxx.xxx.xxx.51498: UDP, length 82
09:51:27.685719 IP xxx.xxx.xxx.xxx.51725 > 23.61.199.131.53: UDP, length 63
09:51:27.688401 IP 205.251.194.236.53 > xxx.xxx.xxx.xxx.59577: UDP, length 326
09:51:27.690010 IP 2.16.130.131.53 > xxx.xxx.xxx.xxx.33996: UDP, length 63
09:51:27.691586 IP 192.112.36.4.53 > xxx.xxx.xxx.xxx.10416: UDP, length 825
09:51:27.692067 IP xxx.xxx.xxx.xxx.23482 > 192.33.4.12.53: UDP, length 47
09:51:27.693312 IP 199.249.120.1.53 > xxx.xxx.xxx.xxx.29228: UDP, length 805
09:51:27.693687 IP xxx.xxx.xxx.xxx.32444 > 205.251.196.15.53: UDP, length 50
09:51:27.698206 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.7053: UDP, length 61
09:51:27.698273 IP 2.22.230.130.53 > xxx.xxx.xxx.xxx.58014: UDP, length 104
09:51:27.698984 IP xxx.xxx.xxx.xxx.60192 > 192.5.6.30.53: UDP, length 43
09:51:27.699784 IP 195.243.137.26.53 > xxx.xxx.xxx.xxx.24580: UDP, length 691
09:51:27.700132 IP xxx.xxx.xxx.xxx.9782 > 217.160.82.193.53: UDP, length 45
09:51:27.701374 IP 2.16.130.131.53 > xxx.xxx.xxx.xxx.30060: UDP, length 63
09:51:27.702983 IP 43.230.48.1.53 > xxx.xxx.xxx.xxx.28502: UDP, length 546
09:51:27.703322 IP xxx.xxx.xxx.xxx.33833 > 213.248.216.1.53: UDP, length 44
      1 Reply Last reply Reply Quote 1
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by johnpoz

        Open that up in wireshark and you can see way more info on what is being asked, what is being returned... See my edit above post.

        But for example, you see that query to 192.33.4.12 that is one of the root servers.

        ;; QUESTION SECTION:
;12.4.33.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
12.4.33.192.in-addr.arpa. 10800 IN      PTR     c.root-servers.net.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        P 1 Reply Last reply Reply Quote 0
        • P
          pfguy2018 @johnpoz
          last edited by

          @johnpoz
          So that would suggest that things are working right now? Which is good. I will repeat this traffic capture once things go south again.

          I have installed Wireshark, but am not sure how to get my traffic into it from the text file I have. Any pointers there?

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Not the text that is shown, the download button.

            downloadpcap.jpg

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • P
              pfguy2018
              last edited by

              Great - got it. Now how do I edit out my ip address prior to posting the output? There does not seem to be any replace function in the UI that I can see.

              P 1 Reply Last reply Reply Quote 0
              • P
                pfguy2018 @pfguy2018
                last edited by

                @pfguy2018
                NVM - figured that out
                Here is some of the output from the capture I posted above
                Screen Shot 2020-02-23 at 10.18.30 AM copy.jpg

                1 Reply Last reply Reply Quote 0
                • P
                  pfguy2018
                  last edited by

                  It's a little hard to read the image, but there do appear to be successful queries to the root servers, as expected. So I will repeat this capture once the domain question stops resolving, to see if there are any differences in the traffic.

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by johnpoz

                    Exactly the big question is are you actually sending the queries and just not getting an answer.. Or are you not sending them at all..

                    If it was just something hung up in unbound, you would think a restart of it would fix it... But your having to reboot... Which makes less sense unless its something with the actual wan connection.

                    You should always know the IPs of the roots, because you don't have to query for them - its in the hints file.. So you should always be able to query for IP of a root server even if no wan connectivity..

                    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: dig h.root-servers.net

; <<>> DiG 9.12.2-P1 <<>> h.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34795
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;h.root-servers.net.            IN      A

;; ANSWER SECTION:
h.root-servers.net.     25823   IN      A       198.97.190.53

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 23 09:30:53 CST 2020
;; MSG SIZE  rcvd: 63

                    You should be able to ask unbound this way as well how it would look up NS for a tld... When it fails again.. I would check this as well to see what the output is..

                    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: unbound-control -c /var/unbound/unbound.conf lookup com
The following name servers are used for lookup of com.
;rrset 80980 13 0 2 0
com.    80980   IN      NS      b.gtld-servers.net.
com.    80980   IN      NS      e.gtld-servers.net.
com.    80980   IN      NS      c.gtld-servers.net.
com.    80980   IN      NS      h.gtld-servers.net.
com.    80980   IN      NS      l.gtld-servers.net.
com.    80980   IN      NS      a.gtld-servers.net.
com.    80980   IN      NS      k.gtld-servers.net.
com.    80980   IN      NS      g.gtld-servers.net.
com.    80980   IN      NS      i.gtld-servers.net.
com.    80980   IN      NS      f.gtld-servers.net.
com.    80980   IN      NS      d.gtld-servers.net.
com.    80980   IN      NS      j.gtld-servers.net.
com.    80980   IN      NS      m.gtld-servers.net.
;rrset 80980 1 1 11 5
com.    80980   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
com.    80980   IN      RRSIG   DS 8 1 86400 20200307050000 20200223040000 33853 . sLV0mt5DtczNJfepnGzpEjM5Gctb51i5Spnjk63LfpKu0YiWw160w9zDis/RoclzEKIAQ1wSWJNo04uBOQg7VAQ646bPoEcvSQ2Y7GJap4FqVIdAS3o5pJhKKmqeSVJxQ/aaj1BQAaWEFaU9yIvtnNWL7Lg0wUakZ483FTUxknRzTVHEVhNhnLUdjUcxEId0wEmmrkfsc5yiqRV9fYcOXUEZwFrV8YaoOTKaXKeL69zA2S4CJyXqQMbzFndPEE3/FnIhk3F19JfLgya8kwKTKbX22JJImxbmXA4zMTI8efnhlJ/ZS5QuuPcY2P2r+qVITs2Ibv2gvVBCYJltNxxaEQ== ;{id = 33853}
;rrset 25739 1 0 8 3
m.gtld-servers.net.     25739   IN      A       192.55.83.30
;rrset 25739 1 0 8 3
m.gtld-servers.net.     25739   IN      AAAA    2001:501:b1f9::30
;rrset 25738 1 0 8 3
j.gtld-servers.net.     25738   IN      A       192.48.79.30
;rrset 25738 1 0 8 3
j.gtld-servers.net.     25738   IN      AAAA    2001:502:7094::30
;rrset 25737 1 0 8 3
d.gtld-servers.net.     25737   IN      A       192.31.80.30
;rrset 25737 1 0 8 3
d.gtld-servers.net.     25737   IN      AAAA    2001:500:856e::30
;rrset 25737 1 0 8 3
f.gtld-servers.net.     25737   IN      A       192.35.51.30
;rrset 25737 1 0 8 3
f.gtld-servers.net.     25737   IN      AAAA    2001:503:d414::30
;rrset 25738 1 0 8 3
i.gtld-servers.net.     25738   IN      A       192.43.172.30
;rrset 25738 1 0 8 3
i.gtld-servers.net.     25738   IN      AAAA    2001:503:39c1::30
;rrset 25738 1 0 8 3
g.gtld-servers.net.     25738   IN      A       192.42.93.30
;rrset 25738 1 0 8 3
g.gtld-servers.net.     25738   IN      AAAA    2001:503:eea3::30
;rrset 25738 1 0 8 3
k.gtld-servers.net.     25738   IN      A       192.52.178.30
;rrset 25738 1 0 8 3
k.gtld-servers.net.     25738   IN      AAAA    2001:503:d2d::30
;rrset 25737 1 0 8 3
a.gtld-servers.net.     25737   IN      A       192.5.6.30
;rrset 25737 1 0 8 3
a.gtld-servers.net.     25737   IN      AAAA    2001:503:a83e::2:30
;rrset 25738 1 0 8 3
l.gtld-servers.net.     25738   IN      A       192.41.162.30
;rrset 25739 1 0 8 3
l.gtld-servers.net.     25739   IN      AAAA    2001:500:d937::30
;rrset 25738 1 0 8 3
h.gtld-servers.net.     25738   IN      A       192.54.112.30
;rrset 25738 1 0 8 3
h.gtld-servers.net.     25738   IN      AAAA    2001:502:8cc::30
;rrset 25737 1 0 8 3
c.gtld-servers.net.     25737   IN      A       192.26.92.30
;rrset 25737 1 0 8 3
c.gtld-servers.net.     25737   IN      AAAA    2001:503:83eb::30
;rrset 25737 1 0 8 3
e.gtld-servers.net.     25737   IN      A       192.12.94.30
;rrset 25737 1 0 8 3
e.gtld-servers.net.     25737   IN      AAAA    2001:502:1ca1::30
;rrset 25737 1 0 8 3
b.gtld-servers.net.     25737   IN      A       192.33.14.30
;rrset 25737 1 0 8 3
b.gtld-servers.net.     25737   IN      AAAA    2001:503:231d::2:30
Delegation with 13 names, of which 0 can be examined to query further addresses.
It provides 26 IP addresses.
2001:503:231d::2:30     rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.33.14.30            not in infra cache.
2001:502:1ca1::30       rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.12.94.30            rto 191 msec, ttl 302, ping 15 var 44 rtt 191, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:83eb::30       rto 376 msec, ttl 171, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.26.92.30            rto 183 msec, ttl 302, ping 15 var 42 rtt 183, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:502:8cc::30        not in infra cache.
192.54.112.30           rto 243 msec, ttl 294, ping 3 var 60 rtt 243, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:d937::30       rto 376 msec, ttl 302, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.41.162.30           rto 285 msec, ttl 473, ping 17 var 67 rtt 285, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:a83e::2:30     rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.5.6.30              rto 279 msec, ttl 733, ping 7 var 68 rtt 279, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:d2d::30        rto 376 msec, ttl 302, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.52.178.30           rto 317 msec, ttl 711, ping 13 var 76 rtt 317, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:eea3::30       rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.42.93.30            rto 327 msec, ttl 91, ping 23 var 76 rtt 327, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:39c1::30       rto 376 msec, ttl 711, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.43.172.30           rto 214 msec, ttl 268, ping 6 var 52 rtt 214, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:d414::30       rto 376 msec, ttl 171, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.35.51.30            rto 365 msec, ttl 473, ping 9 var 89 rtt 365, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:856e::30       rto 376 msec, ttl 171, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.31.80.30            rto 238 msec, ttl 302, ping 10 var 57 rtt 238, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:502:7094::30       not in infra cache.
192.48.79.30            rto 302 msec, ttl 706, ping 2 var 75 rtt 302, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:501:b1f9::30       not in infra cache.
192.55.83.30            rto 351 msec, ttl 706, ping 7 var 86 rtt 351, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
[2.4.4-RELEASE][admin@sg4860.local.lan]/root:

                    To validate it actually has IPs for roots.

                    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: unbound-control -c /var/unbound/unbound.conf lookup .
The following name servers are used for lookup of .
;rrset 80411 13 1 11 5
.       80411   IN      NS      k.root-servers.net.
.       80411   IN      NS      b.root-servers.net.
.       80411   IN      NS      m.root-servers.net.
.       80411   IN      NS      c.root-servers.net.
.       80411   IN      NS      d.root-servers.net.
.       80411   IN      NS      l.root-servers.net.
.       80411   IN      NS      h.root-servers.net.
.       80411   IN      NS      j.root-servers.net.
.       80411   IN      NS      g.root-servers.net.
.       80411   IN      NS      e.root-servers.net.
.       80411   IN      NS      f.root-servers.net.
.       80411   IN      NS      a.root-servers.net.
.       80411   IN      NS      i.root-servers.net.
.       80411   IN      RRSIG   NS 8 0 518400 20200307050000 20200223040000 33853 . OywKX+NljD5Qsir5p4YY6Cz4raE6/1M5peyPyBymFCakHkG2tKG6u8k70cjNe/VAyYG0JPkqOFJ7I4+gzCqODab/8Vc18hClQ3XO6yj5IsdWcl5w+GgI7DFO5Tk7Bhx/5HqCNEXrmiCr8u1qvry0cdgmOO8iYvMDSXnT4FlGt49DIr4msrRU6Fsr0yjamoBVdcEaQwU9KDptzbMDnqJVL2FYGnpftrVanszm6Vs8q2iZivNlmTL1b2QKFidqI8DLs6V2yIPMbCOHFdAwlfw6LpWUaQhUxmxdsfBn28QUonZTUz/BOWpzWRmXDb2TDo1ofUkoOLvj7pHJvC7JEt07Zg== ;{id = 33853}
;rrset 25166 1 0 8 3
i.root-servers.net.     25166   IN      A       192.36.148.17
;rrset 25166 1 0 8 3
i.root-servers.net.     25166   IN      AAAA    2001:7fe::53
;rrset 25167 1 0 8 3
a.root-servers.net.     25167   IN      A       198.41.0.4
;rrset 25167 1 0 8 3
a.root-servers.net.     25167   IN      AAAA    2001:503:ba3e::2:30
;rrset 25166 1 0 8 3
f.root-servers.net.     25166   IN      A       192.5.5.241
;rrset 25166 1 0 8 3
f.root-servers.net.     25166   IN      AAAA    2001:500:2f::f
;rrset 25165 1 0 8 3
e.root-servers.net.     25165   IN      A       192.203.230.10
;rrset 25165 1 0 8 3
e.root-servers.net.     25165   IN      AAAA    2001:500:a8::e
;rrset 25166 1 0 8 3
g.root-servers.net.     25166   IN      A       192.112.36.4
;rrset 25166 1 0 8 3
g.root-servers.net.     25166   IN      AAAA    2001:500:12::d0d
;rrset 25167 1 0 8 3
j.root-servers.net.     25167   IN      A       192.58.128.30
;rrset 25167 1 0 8 3
j.root-servers.net.     25167   IN      AAAA    2001:503:c27::2:30
;rrset 25164 1 0 8 3
h.root-servers.net.     25164   IN      A       198.97.190.53
;rrset 25164 1 0 8 3
h.root-servers.net.     25164   IN      AAAA    2001:500:1::53
;rrset 25167 1 0 8 3
l.root-servers.net.     25167   IN      A       199.7.83.42
;rrset 25167 1 0 8 3
l.root-servers.net.     25167   IN      AAAA    2001:500:9f::42
;rrset 25167 1 0 8 3
d.root-servers.net.     25167   IN      A       199.7.91.13
;rrset 25167 1 0 8 3
d.root-servers.net.     25167   IN      AAAA    2001:500:2d::d
;rrset 25165 1 0 8 3
c.root-servers.net.     25165   IN      A       192.33.4.12
;rrset 25166 1 0 8 3
c.root-servers.net.     25166   IN      AAAA    2001:500:2::c
;rrset 25165 1 0 8 3
m.root-servers.net.     25165   IN      A       202.12.27.33
;rrset 25165 1 0 8 3
m.root-servers.net.     25165   IN      AAAA    2001:dc3::35
;rrset 25166 1 0 8 3
b.root-servers.net.     25166   IN      A       199.9.14.201
;rrset 25167 1 0 8 3
b.root-servers.net.     25167   IN      AAAA    2001:500:200::b
;rrset 25165 1 0 8 3
k.root-servers.net.     25165   IN      A       193.0.14.129
;rrset 25165 1 0 8 3
k.root-servers.net.     25165   IN      AAAA    2001:7fd::1
Delegation with 13 names, of which 0 can be examined to query further addresses.
It provides 26 IP addresses.
2001:7fd::1             rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
193.0.14.129            not in infra cache.
2001:500:200::b         not in infra cache.
199.9.14.201            rto 369 msec, ttl 481, ping 9 var 90 rtt 369, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:dc3::35            rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
202.12.27.33            not in infra cache.
2001:500:2::c           not in infra cache.
192.33.4.12             not in infra cache.
2001:500:2d::d          not in infra cache.
199.7.91.13             not in infra cache.
2001:500:9f::42         rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
199.7.83.42             rto 356 msec, ttl 751, ping 8 var 87 rtt 356, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:1::53          not in infra cache.
198.97.190.53           not in infra cache.
2001:503:c27::2:30      rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.58.128.30           not in infra cache.
2001:500:12::d0d        not in infra cache.
192.112.36.4            rto 328 msec, ttl 751, ping 4 var 81 rtt 328, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:a8::e          not in infra cache.
192.203.230.10          not in infra cache.
2001:500:2f::f          not in infra cache.
192.5.5.241             rto 320 msec, ttl 751, ping 4 var 79 rtt 320, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:ba3e::2:30     not in infra cache.
198.41.0.4              rto 256 msec, ttl 228, ping 4 var 63 rtt 256, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:7fe::53            not in infra cache.
192.36.148.17           not in infra cache.
[2.4.4-RELEASE][admin@sg4860.local.lan]/root:

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • P
                      pfguy2018
                      last edited by

                      @johnpoz said in Strange issue - not sure how to fix:

                      unbound-control -c /var/unbound/unbound.conf lookup .

                      Yes, when I run those commands, I get very similar output to what you posted, as I should. So I will wait for the next time that domains stop resolving, and run everything again, and then post the results. Unfortunately, I have no idea when that will occur.

                      1 Reply Last reply Reply Quote 0
                      • P
                        pfguy2018
                        last edited by

                        It happened again and I was able to run the various commands you listed above and perform a packet capture.

                        ; <<>> DiG 9.12.2-P1 <<>> h.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56121
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;h.root-servers.net.		IN	A

;; ANSWER SECTION:
h.root-servers.net.	86400	IN	A	198.97.190.53

;; Query time: 158 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 23 16:18:59 EST 2020
;; MSG SIZE  rcvd: 63

                        The following name servers are used for lookup of com.
;rrset 85352 13 0 2 0
com.	85352	IN	NS	a.gtld-servers.net.
com.	85352	IN	NS	b.gtld-servers.net.
com.	85352	IN	NS	c.gtld-servers.net.
com.	85352	IN	NS	d.gtld-servers.net.
com.	85352	IN	NS	e.gtld-servers.net.
com.	85352	IN	NS	f.gtld-servers.net.
com.	85352	IN	NS	g.gtld-servers.net.
com.	85352	IN	NS	h.gtld-servers.net.
com.	85352	IN	NS	i.gtld-servers.net.
com.	85352	IN	NS	j.gtld-servers.net.
com.	85352	IN	NS	k.gtld-servers.net.
com.	85352	IN	NS	l.gtld-servers.net.
com.	85352	IN	NS	m.gtld-servers.net.
;rrset 85352 1 1 11 5
com.	85352	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
com.	85352	IN	RRSIG	DS 8 1 86400 20200307170000 20200223160000 33853 . AkoMkh2radmKCnXu8NeiINg3AlAYfHvuZORUApNH96ZCtOkPZ0vxFgdwnls009OkPO2IYeUuIySROSJNSPc9Ukj/ybot7AyjAv6brrTcYVCg0KvPPSaFLwBCHXuJdUNlIF8xhxv73/gFBEcGThLAmxfeRk2lpODXeXNDbZ9GPnWVeC2KVwEeL22JfBcBmpAxEhNLnufgPLR5Kv9aY+O7cleHDuRpQa4qNSEBgF/88ugrpNdixNx+5FO6Nl7mZRdPjSr97H6EH/aCvlzPMGl7bPVtT/7A9T943yQP4kMznxVRSMNXSMimarzRJhmM0ZE5H1qwUTi+UoeMjBq+mJHmBA== ;{id = 33853}
;rrset 85352 1 0 1 0
m.gtld-servers.net.	85352	IN	A	192.55.83.30
;rrset 85352 1 0 1 0
m.gtld-servers.net.	85352	IN	AAAA	2001:501:b1f9::30
;rrset 85352 1 0 1 0
l.gtld-servers.net.	85352	IN	A	192.41.162.30
;rrset 85352 1 0 1 0
l.gtld-servers.net.	85352	IN	AAAA	2001:500:d937::30
;rrset 85352 1 0 1 0
k.gtld-servers.net.	85352	IN	A	192.52.178.30
;rrset 85352 1 0 1 0
k.gtld-servers.net.	85352	IN	AAAA	2001:503:d2d::30
;rrset 85352 1 0 1 0
j.gtld-servers.net.	85352	IN	A	192.48.79.30
;rrset 85352 1 0 1 0
j.gtld-servers.net.	85352	IN	AAAA	2001:502:7094::30
;rrset 85352 1 0 1 0
i.gtld-servers.net.	85352	IN	A	192.43.172.30
;rrset 85352 1 0 1 0
i.gtld-servers.net.	85352	IN	AAAA	2001:503:39c1::30
;rrset 85352 1 0 1 0
h.gtld-servers.net.	85352	IN	A	192.54.112.30
;rrset 85352 1 0 1 0
h.gtld-servers.net.	85352	IN	AAAA	2001:502:8cc::30
;rrset 85352 1 0 1 0
g.gtld-servers.net.	85352	IN	A	192.42.93.30
;rrset 85352 1 0 1 0
g.gtld-servers.net.	85352	IN	AAAA	2001:503:eea3::30
;rrset 85352 1 0 1 0
f.gtld-servers.net.	85352	IN	A	192.35.51.30
;rrset 85352 1 0 1 0
f.gtld-servers.net.	85352	IN	AAAA	2001:503:d414::30
;rrset 85352 1 0 1 0
e.gtld-servers.net.	85352	IN	A	192.12.94.30
;rrset 85352 1 0 1 0
e.gtld-servers.net.	85352	IN	AAAA	2001:502:1ca1::30
;rrset 85352 1 0 1 0
d.gtld-servers.net.	85352	IN	A	192.31.80.30
;rrset 85352 1 0 1 0
d.gtld-servers.net.	85352	IN	AAAA	2001:500:856e::30
;rrset 85352 1 0 1 0
c.gtld-servers.net.	85352	IN	A	192.26.92.30
;rrset 85352 1 0 1 0
c.gtld-servers.net.	85352	IN	AAAA	2001:503:83eb::30
;rrset 85352 1 0 1 0
b.gtld-servers.net.	85352	IN	A	192.33.14.30
;rrset 85352 1 0 1 0
b.gtld-servers.net.	85352	IN	AAAA	2001:503:231d::2:30
;rrset 85352 1 0 1 0
a.gtld-servers.net.	85352	IN	A	192.5.6.30
;rrset 85352 1 0 1 0
a.gtld-servers.net.	85352	IN	AAAA	2001:503:a83e::2:30
Delegation with 13 names, of which 0 can be examined to query further addresses.
It provides 26 IP addresses.
2001:503:a83e::2:30	not in infra cache.
192.5.6.30      	rto 307 msec, ttl 574, ping 19 var 72 rtt 307, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:231d::2:30	not in infra cache.
192.33.14.30    	rto 347 msec, ttl 735, ping 7 var 85 rtt 347, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:83eb::30	not in infra cache.
192.26.92.30    	not in infra cache.
2001:500:856e::30	not in infra cache.
192.31.80.30    	rto 197 msec, ttl 244, ping 37 var 40 rtt 197, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:502:1ca1::30	not in infra cache.
192.12.94.30    	not in infra cache.
2001:503:d414::30	not in infra cache.
192.35.51.30    	not in infra cache.
2001:503:eea3::30	not in infra cache.
192.42.93.30    	rto 123 msec, ttl 152, ping 23 var 25 rtt 123, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:502:8cc::30	not in infra cache.
192.54.112.30   	rto 324 msec, ttl 635, ping 4 var 80 rtt 324, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:39c1::30	not in infra cache.
192.43.172.30   	rto 298 msec, ttl 573, ping 10 var 72 rtt 298, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:502:7094::30	not in infra cache.
192.48.79.30    	rto 752 msec, ttl 384, ping 0 var 94 rtt 376, tA 1, tAAAA 0, tother 0, EDNS 0 assumed.
2001:503:d2d::30	not in infra cache.
192.52.178.30   	rto 360 msec, ttl 574, ping 8 var 88 rtt 360, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:d937::30	not in infra cache.
192.41.162.30   	rto 356 msec, ttl 736, ping 8 var 87 rtt 356, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:501:b1f9::30	not in infra cache.
192.55.83.30    	rto 336 msec, ttl 551, ping 24 var 78 rtt 336, tA 0, tAAAA 0, tother 0, EDNS 0 probed.

                        The following name servers are used for lookup of .
;rrset 85317 13 1 8 0
.	85317	IN	NS	m.root-servers.net.
.	85317	IN	NS	b.root-servers.net.
.	85317	IN	NS	c.root-servers.net.
.	85317	IN	NS	d.root-servers.net.
.	85317	IN	NS	e.root-servers.net.
.	85317	IN	NS	f.root-servers.net.
.	85317	IN	NS	g.root-servers.net.
.	85317	IN	NS	h.root-servers.net.
.	85317	IN	NS	a.root-servers.net.
.	85317	IN	NS	i.root-servers.net.
.	85317	IN	NS	j.root-servers.net.
.	85317	IN	NS	k.root-servers.net.
.	85317	IN	NS	l.root-servers.net.
.	85317	IN	RRSIG	NS 8 0 518400 20200307170000 20200223160000 33853 . GN9hZh6mOFruU2IWiP4EIvALgU6uQLlXo748wScmwsJYCcmPiPFT6y2qNnsJfg06OrI2qhZueL0NNtcZ5W9hGLFff3nzUcOETUnEWcbW4MwIRWDxVQ4MVMmsnIhWM3BCQdA5hG0eIALwJ+9q3aUe+lHhORN98lpYxfs+tx73A+GgmNZUm4Coz44hmhJ6G+mM0mYsMLZ1oAvDH/exgo/VExwEA9P3xyRQb5H09yJdc0cdmygbD8R1L/yjyQUlnyKLOC8ZQ3bpei9NKRXWqv5p29cnpwt4AiaAuZNkCVQA9SIWIKdFVrBh40NsO+RDpEcmh84r30wTVm+qYGT4PItLag== ;{id = 33853}
;rrset 85317 1 0 3 3
l.root-servers.net.	85317	IN	A	199.7.83.42
;rrset 85317 1 0 3 3
l.root-servers.net.	85317	IN	AAAA	2001:500:9f::42
;rrset 85317 1 0 3 3
k.root-servers.net.	85317	IN	A	193.0.14.129
;rrset 85317 1 0 3 3
k.root-servers.net.	85317	IN	AAAA	2001:7fd::1
;rrset 85317 1 0 3 3
j.root-servers.net.	85317	IN	A	192.58.128.30
;rrset 85317 1 0 3 3
j.root-servers.net.	85317	IN	AAAA	2001:503:c27::2:30
;rrset 85317 1 0 3 3
i.root-servers.net.	85317	IN	A	192.36.148.17
;rrset 85317 1 0 3 3
i.root-servers.net.	85317	IN	AAAA	2001:7fe::53
;rrset 85317 1 0 3 3
a.root-servers.net.	85317	IN	A	198.41.0.4
;rrset 85317 1 0 3 3
a.root-servers.net.	85317	IN	AAAA	2001:503:ba3e::2:30
;rrset 86325 1 0 8 3
h.root-servers.net.	86325	IN	A	198.97.190.53
;rrset 85317 1 0 3 3
h.root-servers.net.	85317	IN	AAAA	2001:500:1::53
;rrset 85317 1 0 3 3
g.root-servers.net.	85317	IN	A	192.112.36.4
;rrset 85317 1 0 3 3
g.root-servers.net.	85317	IN	AAAA	2001:500:12::d0d
;rrset 85317 1 0 3 3
f.root-servers.net.	85317	IN	A	192.5.5.241
;rrset 85317 1 0 3 3
f.root-servers.net.	85317	IN	AAAA	2001:500:2f::f
;rrset 85317 1 0 3 3
e.root-servers.net.	85317	IN	A	192.203.230.10
;rrset 85317 1 0 3 3
e.root-servers.net.	85317	IN	AAAA	2001:500:a8::e
;rrset 85317 1 0 3 3
d.root-servers.net.	85317	IN	A	199.7.91.13
;rrset 85317 1 0 3 3
d.root-servers.net.	85317	IN	AAAA	2001:500:2d::d
;rrset 85317 1 0 3 3
c.root-servers.net.	85317	IN	A	192.33.4.12
;rrset 85317 1 0 3 3
c.root-servers.net.	85317	IN	AAAA	2001:500:2::c
;rrset 85317 1 0 3 3
b.root-servers.net.	85317	IN	A	199.9.14.201
;rrset 85317 1 0 3 3
b.root-servers.net.	85317	IN	AAAA	2001:500:200::b
;rrset 85317 1 0 3 3
m.root-servers.net.	85317	IN	A	202.12.27.33
;rrset 85317 1 0 3 3
m.root-servers.net.	85317	IN	AAAA	2001:dc3::35
Delegation with 13 names, of which 0 can be examined to query further addresses.
It provides 26 IP addresses.
2001:dc3::35    	not in infra cache.
202.12.27.33    	expired, rto 62969312 msec, tA 2 tAAAA 0 tother 0.
2001:500:200::b 	not in infra cache.
199.9.14.201    	expired, rto 62969312 msec, tA 1 tAAAA 0 tother 0.
2001:500:2::c   	not in infra cache.
192.33.4.12     	rto 210 msec, ttl 110, ping 18 var 48 rtt 210, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:2d::d  	not in infra cache.
199.7.91.13     	not in infra cache.
2001:500:a8::e  	not in infra cache.
192.203.230.10  	not in infra cache.
2001:500:2f::f  	not in infra cache.
192.5.5.241     	rto 287 msec, ttl 499, ping 7 var 70 rtt 287, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:12::d0d	not in infra cache.
192.112.36.4    	not in infra cache.
2001:500:1::53  	not in infra cache.
198.97.190.53   	not in infra cache.
2001:503:ba3e::2:30	not in infra cache.
198.41.0.4      	not in infra cache.
2001:7fe::53    	not in infra cache.
192.36.148.17   	not in infra cache.
2001:503:c27::2:30	not in infra cache.
192.58.128.30   	rto 328 msec, ttl 642, ping 4 var 81 rtt 328, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:7fd::1     	not in infra cache.
193.0.14.129    	not in infra cache.
2001:500:9f::42 	not in infra cache.
199.7.83.42     	not in infra cache.

                        ; <<>> DiG 9.12.2-P1 <<>> feedly.com +trace
;; global options: +cmd
.			85262	IN	NS	m.root-servers.net.
.			85262	IN	NS	b.root-servers.net.
.			85262	IN	NS	c.root-servers.net.
.			85262	IN	NS	d.root-servers.net.
.			85262	IN	NS	e.root-servers.net.
.			85262	IN	NS	f.root-servers.net.
.			85262	IN	NS	g.root-servers.net.
.			85262	IN	NS	h.root-servers.net.
.			85262	IN	NS	a.root-servers.net.
.			85262	IN	NS	i.root-servers.net.
.			85262	IN	NS	j.root-servers.net.
.			85262	IN	NS	k.root-servers.net.
.			85262	IN	NS	l.root-servers.net.
.			85262	IN	RRSIG	NS 8 0 518400 20200307170000 20200223160000 33853 . GN9hZh6mOFruU2IWiP4EIvALgU6uQLlXo748wScmwsJYCcmPiPFT6y2q NnsJfg06OrI2qhZueL0NNtcZ5W9hGLFff3nzUcOETUnEWcbW4MwIRWDx VQ4MVMmsnIhWM3BCQdA5hG0eIALwJ+9q3aUe+lHhORN98lpYxfs+tx73 A+GgmNZUm4Coz44hmhJ6G+mM0mYsMLZ1oAvDH/exgo/VExwEA9P3xyRQ b5H09yJdc0cdmygbD8R1L/yjyQUlnyKLOC8ZQ3bpei9NKRXWqv5p29cn pwt4AiaAuZNkCVQA9SIWIKdFVrBh40NsO+RDpEcmh84r30wTVm+qYGT4 PItLag==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

;; connection timed out; no servers could be reached

                        Screen Shot 2020-02-23 at 4.26.46 PM copy 2.jpg

                        What can I learn from all this?

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          Did you set that public IP to resolve as local?

                          Where are the queries to and from .com server Servers?.. I only see queries for the root servers?

                          You prob want to set number of packets to capture to 0 vs just the 100..

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                          P 1 Reply Last reply Reply Quote 0
                          • P
                            pfguy2018 @johnpoz
                            last edited by

                            @johnpoz said in Strange issue - not sure how to fix:

                            Did you set that public IP to resolve as local?

                            Yes - to obscure my IP address. Wherever it says "local", it originally listed my IP address.

                            Where are the queries to and from .com server Servers?.. I only see queries for the root servers?

                            Not sure. But the packet capture was taken while I ran the command dig feedly.com +trace. I ran it again while trying to browse to feedly.com - results below.

                            You prob want to set number of packets to capture to 0 vs just the 100..

                            Done below

                            Screen Shot 2020-02-23 at 4.49.10 PM copy.jpg

                            1 Reply Last reply Reply Quote 0
                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator
                              last edited by johnpoz

                              That image is too small for me to make out anything.

                              Looks like you have some queries for fox.com - but I don't see anything to the cloudflare NS that are for feedly.com

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              SG-4860 24.11 | Lab VMs 2.8, 24.11

                              1 Reply Last reply Reply Quote 0
                              • P
                                pfguy2018
                                last edited by

                                Unfortunately, I can't seem to upload any images > 1 mb, so that one was the best resolution I could use (if you click on it to open in a separate tab, it should be more readable)
                                But it does show DNS queries going out to various name servers. This was occurring while I was trying to load feedly.com (unsuccessfully) and in other tabs browsing to other sites (successfully).
                                Does this help narrow down the issue at all?

                                1 Reply Last reply Reply Quote 0
                                • johnpozJ
                                  johnpoz LAYER 8 Global Moderator
                                  last edited by johnpoz

                                  Dude just shrink it... And it sure isn't showing anything over 100 queries... And I tried clicking into - its too small..

                                  download.jpg

                                  If you click into that you can read it can you not..

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                                  1 Reply Last reply Reply Quote 0
                                  • P
                                    pfguy2018
                                    last edited by

                                    The pciture is a screenshot from wireshark - it was the max number of lines I could fit on my screen at one time. When I tried to cut and paste the text itself, the forum software rejects it as being spam, so it won't let me post it. However, I searched the capture file on my end - even though I was trying to resolve feedly.com, there were no entries for feedly.com in the capture (and other DNS requests are going out as expected at the exact same time). It's as if the request to resolve feedly.com is not even getting to the DNS resolver. I am not sure where along the way it is getting blocked.

                                    1 Reply Last reply Reply Quote 0
                                    • P
                                      pfguy2018
                                      last edited by

                                      And strangest of all - the problem just seemed to fix itself without any intervention on my part. When I tried to browse to feedly.com, it resolved (unfortunately was not performing packet capture at the time). However, I notice that this is at exactly the same time that pfBlocker NG is updating itself/cron job. Is that just a coincidence, or is that pointing to an issue with pfBlocker NG?

                                      1 Reply Last reply Reply Quote 0
                                      • P
                                        pfguy2018
                                        last edited by

                                        Spoke too soon - feedly.com resolved in firefox (still using the firefox internal cloudfare DNS lookup) but not safari at the same time - i.e. it could resolve when 1.1.1.1 was used but not unbound. As soon as pfBlocker NG finished its update, firefox could not resolve feedly.com any longer.

                                        1 Reply Last reply Reply Quote 0
                                        • P
                                          pfguy2018
                                          last edited by

                                          Tried another packet capture while browsing to feedly.com, pinging feedly.com, and performing an nslookup via the command prompt. During all of that, feedly.com never appeared in the UDP port 53 packet capture, even though other domains did appear as expected (and resolved without issue) - including websites that I have never accessed in the past. The problem does seem to be limited to feedly. I remain mystified.

                                          1 Reply Last reply Reply Quote 0
                                          • johnpozJ
                                            johnpoz LAYER 8 Global Moderator
                                            last edited by johnpoz

                                            @pfguy2018 said in Strange issue - not sure how to fix:

                                            notice that this is at exactly the same time that pfBlocker NG is updating itself/cron job.

                                            Dude that restarts unbound! And yes that will cause you problems with resolving. As to not seeing anything for feedly in your sniff - because once its cached you don't have to go lookup it up again..

                                            How freaking often do you have pfblocker updating?

                                            Why don't you turn off that firefox nonsense?

                                            Here lets do this - how long has unbound been up?

                                            [2.4.4-RELEASE][admin@sg4860.local.lan]/root: unbound-control -c /var/unbound/unbound.conf status
version: 1.9.1
verbosity: 1
threads: 4
modules: 2 [ validator iterator ]
uptime: 555956 seconds
options: control(ssl)
unbound (pid 83160) is running...
[2.4.4-RELEASE][admin@sg4860.local.lan]/root:

                                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                                            If you get confused: Listen to the Music Play
                                            Please don't Chat/PM me for help, unless mod related
                                            SG-4860 24.11 | Lab VMs 2.8, 24.11

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.