Strange issue - not sure how to fix



  • I have been experiencing a strange issue that seems to only affect navigation to a single website. My box is an SG-4860, on 2.4.4-RELEASE-p3 (supplying this info in case it is pertinent). From time to time, I am unable to connect to a specific website, feedly.com. When I check under Diagnostics - DNS lookup, the resolver is able to look up the site and return the IP address. However, if I try to ping or traceroute to the site (either by name or IP address), there is no connection. Rebooting pfSense fixes the problem, but then it recurs at some variable amount of time later (generally 1 to several days, but it varies and does not seem to be predictable).

    I have pfBlocker NG installed, but I have feedly.com whitelisted, and feedly.com does not appear in any of the block lists. Additionally, feedly.com does not appear in the pfBlocker logs to indicate that it is being blocked.

    Additionally, I have not seen feedly.com on any of the firewall logs.

    How can I work this problem? Any suggestions would be welcome.



  • One thing to add that might be a clue.
    When I check under Status - DNS resolver, feedly.com is listed as
    173.245.58.102 feedly.com.
    173.245.59.143 feedly.com.

    However, when I do a DNS lookup for feedly.com, I get
    104.20.60.241
    104.20.59.241

    Could this be the source of the issue? What do I do to fix it?


  • LAYER 8 Global Moderator

    What you're seeing for status there is the NS for that domain, which are Cloudflare NS..

    ; QUESTION SECTION:
    ;feedly.com.                    IN      NS
    
    ;; ANSWER SECTION:
    feedly.com.             86400   IN      NS      anna.ns.cloudflare.com.
    feedly.com.             86400   IN      NS      sid.ns.cloudflare.com.
    

    I am on the same box as you 4860, but that really doesn't have anything to do with it... I am not having any issues accessing that site currently.. Never been on it before.

    You sure when you're having issues, it's just not that unbound has restarted or something.. pfblocker can delay unbound's startup time.

    The TTL on those records is really low at 5 minutes.

    ;feedly.com.                    IN      A
    
    ;; ANSWER SECTION:
    feedly.com.             300     IN      A       104.20.59.241
    feedly.com.             300     IN      A       104.20.60.241
    

    Couple of things you could do when you have problems resolving.. You could turn on prefetching, you could enable return on 0 ttl. And you could also set a min ttl, ie have mine set to 1 hour 3600 seconds. Because I think it's just asinine to use such short ttls for a record 5 minutes... JFC people really!! ;)

    in advanced enable
    Prefetch Support
    Serve Expired
    If you want set your
    Minimum TTL for RRsets and Messages
    to something like 3600, or 1200 or something so you're caching stuff like this for more than 5 freaking minutes.



  • I don't think it is unbound restarting, as all other sites resolve properly when this behavior occurs, and there are no entries in the unbound logs indicating that it restarted.

    I applied the settings you recommended, but no joy. Still not resolving feedly.com.
    I am mystified by this.


  • LAYER 8 Global Moderator

    Can you directly query the NS? Do a dig plus trace to see where you might be failing..

    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: dig feedly.com +trace
    
    ; <<>> DiG 9.12.2-P1 <<>> feedly.com +trace
    ;; global options: +cmd
    .                       55245   IN      NS      h.root-servers.net.
    .                       55245   IN      NS      k.root-servers.net.
    .                       55245   IN      NS      e.root-servers.net.
    .                       55245   IN      NS      m.root-servers.net.
    .                       55245   IN      NS      c.root-servers.net.
    .                       55245   IN      NS      f.root-servers.net.
    .                       55245   IN      NS      i.root-servers.net.
    .                       55245   IN      NS      g.root-servers.net.
    .                       55245   IN      NS      b.root-servers.net.
    .                       55245   IN      NS      j.root-servers.net.
    .                       55245   IN      NS      a.root-servers.net.
    .                       55245   IN      NS      d.root-servers.net.
    .                       55245   IN      NS      l.root-servers.net.
    .                       55245   IN      RRSIG   NS 8 0 518400 20200305190000 20200221180000 33853 . Md9l213wnywkUFV95YPQHkCeE+ZwSJbop+9tJq3SIyBOpUlmRk550Q3R b12eEipqdJr0PqwGX5a4kI0LrtRTRfVw87g2/shLnNU8n8eeeu5AhpYN oieNajpTyijaHBthsOu6mooM9kUyeWr4SAPTJ7ejna5z7MXKLxLp5x65 YWbyxoJZYgqVvrq9UG30Z6xMT2nHLlYJP8jrRVcFm2BRtLSGGTYr/zPu T/CukO9xW0O+VNKgV2QlQ1nWkKBytd3SylJ/cDk7xn6ilQNk1y31B0T3 5mj7xuDY6bspkMMXweDSmADVDX9YHQBs8jMFEpzAYASf3xDU3rHiif5f Qn7yfg==
    ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
    
    com.                    172800  IN      NS      a.gtld-servers.net.
    com.                    172800  IN      NS      b.gtld-servers.net.
    com.                    172800  IN      NS      c.gtld-servers.net.
    com.                    172800  IN      NS      d.gtld-servers.net.
    com.                    172800  IN      NS      e.gtld-servers.net.
    com.                    172800  IN      NS      f.gtld-servers.net.
    com.                    172800  IN      NS      g.gtld-servers.net.
    com.                    172800  IN      NS      h.gtld-servers.net.
    com.                    172800  IN      NS      i.gtld-servers.net.
    com.                    172800  IN      NS      j.gtld-servers.net.
    com.                    172800  IN      NS      k.gtld-servers.net.
    com.                    172800  IN      NS      l.gtld-servers.net.
    com.                    172800  IN      NS      m.gtld-servers.net.
    com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
    com.                    86400   IN      RRSIG   DS 8 1 86400 20200306170000 20200222160000 33853 . nKP5Lv27AOcUTOm757OfCNXwSlfg8v2sgN8bBC6JvkPlCWDl1P9WI7MQ uQeLEkx7/uUV8LIWt9ydzRb0C1ZPAmZQqzcs/AyAS2vZpxg4zPntejA2 U8RrTi2LCNmB3nr6LKGGZIcFMPH9CzLGld2PI6PNJPLE6Fjd/KnfwmLk t3Say5Rc1Q04998aQU56kXwzVy35zni3HZXMrPkKnlW0aMYm3u2UC+Pi HuxP9QrzE7G9QAz/mq2jkf3IjSyi3b4E5gOhGOMpU0gdKAHngVaDLa6W 1Pdv+ksnrqkXAwbFxhzMW8HDC3qEHxxcNWvZBJyvjcWwAsHbUPtcHiTd c1+gMQ==
    ;; Received 1170 bytes from 192.58.128.30#53(j.root-servers.net) in 50 ms
    
    feedly.com.             172800  IN      NS      sid.ns.cloudflare.com.
    feedly.com.             172800  IN      NS      anna.ns.cloudflare.com.
    CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
    CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20200227054927 20200220043927 56311 com. A7zRR2FLhyIgXRnCDNNvgAx2rJS8Rmn1XVVobuXfiDuGSvok2VpUPFfq cSN1rspiJJxCuU1z0IP5QL6zVUroFJ6JEghztjdP+P8l0rpE28/MEJz6 XHIagMgIVeUQfmDgzvBvk8ufccBKbrMJ6CWsmtJZYIjp+5Bar5qx7Ekr +QfZbnhvW2bmnLuUxK57EhVDcdpllDVYBxxjye0EU60l5Q==
    3I8E1G3SLVIC3HRKRAQSO6EK28ISKHP7.com. 86400 IN NSEC3 1 1 0 - 3I8FF9SHMK4CDS6I5ID1K3FROQE4EUPK NS DS RRSIG
    3I8E1G3SLVIC3HRKRAQSO6EK28ISKHP7.com. 86400 IN RRSIG NSEC3 8 2 86400 20200229055410 20200222044410 56311 com. jomgLV9NMlv4s8S+WeAWT7lq3AUzv0Ij0KcEneyjQYXyCGktENfZBAfr g1qlt1eZBVwG8jIXh+zmfSbW5QLVzRLjTC0WuuDMWOW8S2mkpt3cWfY3 yHwNNZgP3zobIylthc+VnC+jhEqeQavOnlyVv10XUX4Ceyg/k7MTnSR3 Svq9A+CNrdZLztwXlHEQ8/mCZU+BFLMXGfNkFYK6+V7hHQ==
    ;; Received 727 bytes from 2001:502:1ca1::30#53(e.gtld-servers.net) in 38 ms
    
    feedly.com.             300     IN      A       104.20.59.241
    feedly.com.             300     IN      A       104.20.60.241
    ;; Received 71 bytes from 173.245.59.143#53(sid.ns.cloudflare.com) in 23 ms
    
    

    Those settings won't help resolve something that is specifically failing if you have not at least resolved it once.



  • @johnpoz said in Strange issue - not sure how to fix:

    dig feedly.com +trace

    This is the output:
    ; <<>> DiG 9.12.2-P1 <<>> feedly.com +trace
    ;; global options: +cmd
    . 86247 IN NS b.root-servers.net.
    . 86247 IN NS e.root-servers.net.
    . 86247 IN NS l.root-servers.net.
    . 86247 IN NS g.root-servers.net.
    . 86247 IN NS f.root-servers.net.
    . 86247 IN NS i.root-servers.net.
    . 86247 IN NS k.root-servers.net.
    . 86247 IN NS d.root-servers.net.
    . 86247 IN NS a.root-servers.net.
    . 86247 IN NS m.root-servers.net.
    . 86247 IN NS h.root-servers.net.
    . 86247 IN NS c.root-servers.net.
    . 86247 IN NS j.root-servers.net.
    . 86247 IN RRSIG NS 8 0 518400 20200306170000 20200222160000 33853 . OllzbzJsOGxkm+P/Ey6qfFo8aQAw2uj4myYKF8VK5wW/2wxfpUNvRpfR zqrknCl2bYIuW/NtVVqrfD/u8NxeMEqOf44O7SjHj6xEvEVlDnb+L3tU rb2q3yUOKROLKd4hsjNWqzYqX8ceP9ZfFnSMGrDEZLgS64/SK3QRHY74 XEGj1knstNH7iRjvUt/DH851ViURrJ+sQCnw0eXWqkKsgF27arrQES3T vgnW7VvEal5bPgLNImafvgmiHmjL74No2QlRUtWl2KpspZqqiXZOe3lr HIMnZJhY5ku8QB35u9Yxb/YX6b5yo0u9xv4akOB8rYKlzwLRw9/ilQ2a vhDQRQ==
    ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

    ;; connection timed out; no servers could be reached

    What does this tell me?


  • LAYER 8 Global Moderator

    Tells me you are not able to talk to any of the roots!! So nothing going to resolve.. Only stuff you have cached already is going to be able to resolve.



  • That is strange. Because I am having no trouble accessing any other sites, including sites where I have never browsed before.

    How do I solve that issue? Any pointers?


  • LAYER 8 Global Moderator

    Well why can you not query the roots... Try to query one..

    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: dig @h.root-servers.net com NS
    
    ; <<>> DiG 9.12.2-P1 <<>> @h.root-servers.net com NS
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54900
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
    ;; WARNING: recursion requested but not available
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;com.                           IN      NS
    
    ;; AUTHORITY SECTION:
    com.                    172800  IN      NS      a.gtld-servers.net.
    com.                    172800  IN      NS      b.gtld-servers.net.
    com.                    172800  IN      NS      c.gtld-servers.net.
    com.                    172800  IN      NS      d.gtld-servers.net.
    com.                    172800  IN      NS      e.gtld-servers.net.
    com.                    172800  IN      NS      f.gtld-servers.net.
    com.                    172800  IN      NS      g.gtld-servers.net.
    com.                    172800  IN      NS      h.gtld-servers.net.
    com.                    172800  IN      NS      i.gtld-servers.net.
    com.                    172800  IN      NS      j.gtld-servers.net.
    com.                    172800  IN      NS      k.gtld-servers.net.
    com.                    172800  IN      NS      l.gtld-servers.net.
    com.                    172800  IN      NS      m.gtld-servers.net.
    
    ;; ADDITIONAL SECTION:
    a.gtld-servers.net.     172800  IN      A       192.5.6.30
    b.gtld-servers.net.     172800  IN      A       192.33.14.30
    c.gtld-servers.net.     172800  IN      A       192.26.92.30
    d.gtld-servers.net.     172800  IN      A       192.31.80.30
    e.gtld-servers.net.     172800  IN      A       192.12.94.30
    f.gtld-servers.net.     172800  IN      A       192.35.51.30
    g.gtld-servers.net.     172800  IN      A       192.42.93.30
    h.gtld-servers.net.     172800  IN      A       192.54.112.30
    i.gtld-servers.net.     172800  IN      A       192.43.172.30
    j.gtld-servers.net.     172800  IN      A       192.48.79.30
    k.gtld-servers.net.     172800  IN      A       192.52.178.30
    l.gtld-servers.net.     172800  IN      A       192.41.162.30
    m.gtld-servers.net.     172800  IN      A       192.55.83.30
    a.gtld-servers.net.     172800  IN      AAAA    2001:503:a83e::2:30
    b.gtld-servers.net.     172800  IN      AAAA    2001:503:231d::2:30
    c.gtld-servers.net.     172800  IN      AAAA    2001:503:83eb::30
    d.gtld-servers.net.     172800  IN      AAAA    2001:500:856e::30
    e.gtld-servers.net.     172800  IN      AAAA    2001:502:1ca1::30
    f.gtld-servers.net.     172800  IN      AAAA    2001:503:d414::30
    g.gtld-servers.net.     172800  IN      AAAA    2001:503:eea3::30
    h.gtld-servers.net.     172800  IN      AAAA    2001:502:8cc::30
    i.gtld-servers.net.     172800  IN      AAAA    2001:503:39c1::30
    j.gtld-servers.net.     172800  IN      AAAA    2001:502:7094::30
    k.gtld-servers.net.     172800  IN      AAAA    2001:503:d2d::30
    l.gtld-servers.net.     172800  IN      AAAA    2001:500:d937::30
    m.gtld-servers.net.     172800  IN      AAAA    2001:501:b1f9::30
    
    ;; Query time: 45 msec
    ;; SERVER: 198.97.190.53#53(198.97.190.53)
    ;; WHEN: Sat Feb 22 16:49:09 CST 2020
    


  • @johnpoz said in Strange issue - not sure how to fix:

    dig @h.root-servers.net com NS

    ; <<>> DiG 9.12.2-P1 <<>> @h.root-servers.net com NS
    ; (2 servers found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached


  • LAYER 8 Global Moderator

    You're not even getting an IP? dig to IP.

    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: dig h.root-servers.net 
    
    ; <<>> DiG 9.12.2-P1 <<>> h.root-servers.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31354
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;h.root-servers.net.            IN      A
    
    ;; ANSWER SECTION:
    h.root-servers.net.     85798   IN      A       198.97.190.53
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sat Feb 22 16:51:18 CST 2020
    ;; MSG SIZE  rcvd: 63
    

    Then try and dig to that IP..

    dig @198.97.190.53 com ns

    If you're not getting back IPs from unbound for roots - then yeah you're going to have all kinds of issues!! You would only be able to resolve stuff that you have IPs to be able to ask those NS.



  • @johnpoz said in Strange issue - not sure how to fix:

    dig h.root-servers.net

    I just rebooted, so I am able to access feedly.com again. But who knows for how long?

    This is the output:
    ; <<>> DiG 9.12.2-P1 <<>> h.root-servers.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8969
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;h.root-servers.net. IN A

    ;; ANSWER SECTION:
    h.root-servers.net. 86400 IN A 198.97.190.53

    ;; Query time: 3199 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sat Feb 22 17:57:27 EST 2020
    ;; MSG SIZE rcvd: 63

    ; <<>> DiG 9.12.2-P1 <<>> @198.97.190.53 com ns
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49732
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;com. IN NS

    ;; AUTHORITY SECTION:
    com. 172800 IN NS a.gtld-servers.net.
    com. 172800 IN NS b.gtld-servers.net.
    com. 172800 IN NS c.gtld-servers.net.
    com. 172800 IN NS d.gtld-servers.net.
    com. 172800 IN NS e.gtld-servers.net.
    com. 172800 IN NS f.gtld-servers.net.
    com. 172800 IN NS g.gtld-servers.net.
    com. 172800 IN NS h.gtld-servers.net.
    com. 172800 IN NS i.gtld-servers.net.
    com. 172800 IN NS j.gtld-servers.net.
    com. 172800 IN NS k.gtld-servers.net.
    com. 172800 IN NS l.gtld-servers.net.
    com. 172800 IN NS m.gtld-servers.net.

    ;; ADDITIONAL SECTION:
    a.gtld-servers.net. 172800 IN A 192.5.6.30
    b.gtld-servers.net. 172800 IN A 192.33.14.30
    c.gtld-servers.net. 172800 IN A 192.26.92.30
    d.gtld-servers.net. 172800 IN A 192.31.80.30
    e.gtld-servers.net. 172800 IN A 192.12.94.30
    f.gtld-servers.net. 172800 IN A 192.35.51.30
    g.gtld-servers.net. 172800 IN A 192.42.93.30
    h.gtld-servers.net. 172800 IN A 192.54.112.30
    i.gtld-servers.net. 172800 IN A 192.43.172.30
    j.gtld-servers.net. 172800 IN A 192.48.79.30
    k.gtld-servers.net. 172800 IN A 192.52.178.30
    l.gtld-servers.net. 172800 IN A 192.41.162.30
    m.gtld-servers.net. 172800 IN A 192.55.83.30
    a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30
    b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30
    c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30
    d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30
    e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30
    f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30
    g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30
    h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30
    i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30
    j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30
    k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30
    l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30
    m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30

    ;; Query time: 27 msec
    ;; SERVER: 198.97.190.53#53(198.97.190.53)
    ;; WHEN: Sat Feb 22 17:57:53 EST 2020
    ;; MSG SIZE rcvd: 828

    Does it matter that my DNS is set to 127.0.0.1?


  • LAYER 8 Global Moderator

    That was after you rebooted.. Or was that before you rebooted... You shouldn't have to reboot - just restart unbound.


  • LAYER 8 Global Moderator

    if you are resolving - then yes your dns should be set to loopback! That is unbound directly..



  • This was after I rebooted. Prior to that, I did in fact restart unbound manually, but it did not fix the problem. Rebooting always solves this issue, for some length of time, but then it always recurs.

    It occurs to me that the reason I can access sites in the browser that I have never accessed before even when I am experiencing this issue is that I am using Firefox, which internally sets its own DNS to Cloudflare DNS. So it is probably bypassing the pfSense DNS and allowing me to access these sites. So it was masking the issue. Strangely though, it was still not allowing me to access feedly.com. So something is still being blocked somewhere at some point.



  • Other than rebooting, is there anything else I can try to get Unbound connected to the root servers when this occurs again?


  • LAYER 8 Global Moderator

    @pfguy2018 said in Strange issue - not sure how to fix:

    which internally sets its own DNS to Cloudflare DNS

    Mine doesn't - I have that shit turned off!! F that going to hand everything to cloudflare..

    I would validate the query is actually going out, or not... Do a sniff on your wan - are you seeing dns going out.. Up the logging of unbound to see if you can see errors, etc.

    If you're saying restarting unbound doesn't fix it but reboot, then points to something with the connection... Sniff to see if your dns goes out and you're just not getting an answer.



  • I don't see any errors in the unbound log at level 2 or 3 logging. I am not sure how to sniff the WAN traffic - can you point me to some instructions for how to do that?


  • LAYER 8 Global Moderator

    Go to diag menu, packet capture - pick your wan interface.



  • Doing that, how do I check if the root servers are being queried?


  • LAYER 8 Global Moderator

    Well query something ;) While you're sniffing..



  • OK, now I just have to wait for the DNS resolution to start failing again before I sniff the traffic. Will report back later.


  • LAYER 8 Global Moderator

    You sniff now right to get a feel for what sort of traffic you see, etc. When it's working...

    You might want to grab say wireshark for your pc, so you can load the capture into that - download on the diag page.. This will give you way more insight and details of what is going on.. But really you're just wanting to see that hey the query went out.. Did you or did you not get an answer..

    What you were showing you were having timeouts..



  • I am trying to post the traffic output, but it is being flagged as spam by the software running the forum, and I can't post it.



  • 08:57:57.060415 ARP, Request who-has 99.228.243.128 tell 99.228.242.1, length 46
    08:57:57.071807 IP xxx.xxx.xxx.xxx > 99.228.144.1: ICMP echo request, id 42349, seq 6292, length 8
    08:57:57.082227 IP 99.228.144.1 > xxx.xxx.xxx.xxx: ICMP echo reply, id 42349, seq 6292, length 8
    08:57:57.084566 IP xxx.xxx.xxx.xxx.23495 > 24.156.130.43.80: tcp 442
    08:57:57.092988 IP 24.156.130.43.80 > xxx.xxx.xxx.xxx.23495: tcp 0
    08:57:57.097414 ARP, Request who-has 206.188.75.254 tell 206.188.75.225, length 46
    08:57:57.100039 IP 24.156.130.43.80 > xxx.xxx.xxx.xxx.23495: tcp 1448
    08:57:57.100058 IP 24.156.130.43.80 > xxx.xxx.xxx.xxx.23495: tcp 572
    08:57:57.101500 IP xxx.xxx.xxx.xxx.23495 > 24.156.130.43.80: tcp 0
    08:57:57.115341 ARP, Request who-has 99.228.195.183 tell 99.228.194.1, length 46
    08:57:57.132347 ARP, Request who-has 209.142.43.80 tell 209.142.43.65, length 46
    08:57:57.136346 ARP, Request who-has 104.158.199.48 tell 104.158.199.33, length 46
    08:57:57.153353 ARP, Request who-has 72.53.212.137 tell 72.53.212.129, length 46
    08:57:57.155347 ARP, Request who-has 99.228.150.0 tell 99.228.150.1, length 46
    08:57:57.157348 ARP, Request who-has 135.23.223.90 tell 135.23.223.65, length 46
    08:57:57.176453 ARP, Request who-has 108.168.98.253 tell 108.168.98.225, length 46
    08:57:57.183379 ARP, Request who-has 99.228.197.247 tell 99.228.196.1, length 46
    08:57:57.189359 ARP, Request who-has 99.228.237.142 tell 99.228.236.1, length 46
    08:57:57.190311 IP xxx.xxx.xxx.xxx.24725 > 151.101.126.99.443: tcp 111
    08:57:57.192357 ARP, Request who-has 99.228.237.217 tell 99.228.236.1, length 46
    08:57:57.202537 IP 151.101.126.99.443 > xxx.xxx.xxx.xxx.24725: tcp 1448
    08:57:57.202631 IP 151.101.126.99.443 > xxx.xxx.xxx.xxx.24725: tcp 1340
    08:57:57.202682 IP 151.101.126.99.443 > xxx.xxx.xxx.xxx.24725: tcp 1448
    08:57:57.202876 IP 151.101.126.99.443 > xxx.xxx.xxx.xxx.24725: tcp 1340
    
    
    


  • I was able to post part of it above. Not sure if it contains any useful info.


  • LAYER 8 Global Moderator

    None of that is dns... Port 53 is dns..

    This is dns traffic

    08:51:11.915816 IP 64.53.xxx.xxx.1499 > 204.13.251.3.53: UDP, length 47
    08:51:11.916510 IP 64.53.xxx.xxx.24691 > 208.78.71.3.53: UDP, length 47
    08:51:11.918974 IP 64.53.xxx.xxx.63171 > 208.80.125.4.53: UDP, length 46
    08:51:11.919863 IP 64.53.xxx.xxx.29586 > 208.80.126.4.53: UDP, length 46
    08:51:11.943785 IP 208.80.126.4.53 > 64.53.xxx.xxx.29586: UDP, length 92
    08:51:11.944094 IP 64.53.xxx.xxx.26752 > 192.229.254.5.53: UDP, length 47
    08:51:11.945081 IP 208.80.125.4.53 > 64.53.xxx.xxx.63171: UDP, length 95
    08:51:11.945275 IP 64.53.xxx.xxx.34945 > 72.21.80.6.53: UDP, length 47
    08:51:11.945456 IP 208.78.71.3.53 > 64.53.xxx.xxx.24691: UDP, length 116
    08:51:11.945733 IP 64.53.xxx.xxx.29783 > 208.80.125.4.53: UDP, length 46
    08:51:11.959085 IP 204.13.251.3.53 > 64.53.xxx.xxx.1499: UDP, length 116
    08:51:11.959591 IP 64.53.xxx.xxx.2756 > 208.80.125.4.53: UDP, length 46
    08:51:11.963659 IP 192.229.254.5.53 > 64.53.xxx.xxx.26752: UDP, length 63
    08:51:11.963870 IP 64.53.xxx.xxx.11652 > 192.229.254.6.53: UDP, length 47
    08:51:11.969938 IP 208.80.125.4.53 > 64.53.xxx.xxx.29783: UDP, length 95
    08:51:11.970255 IP 64.53.xxx.xxx.42952 > 192.229.254.6.53: UDP, length 47
    08:51:11.971483 IP 72.21.80.6.53 > 64.53.xxx.xxx.34945: UDP, length 63
    08:51:11.971721 IP 64.53.xxx.xxx.23430 > 72.21.80.6.53: UDP, length 47
    08:51:11.976236 IP 208.80.125.4.53 > 64.53.xxx.xxx.2756: UDP, length 95
    08:51:11.976409 IP 64.53.xxx.xxx.57024 > 72.21.80.5.53: UDP, length 47
    08:51:11.977384 IP 192.229.254.6.53 > 64.53.xxx.xxx.11652: UDP, length 63
    

    And if open in wireshark I can see info..



  • Here is the port 53 UDP traffic when running the dig feedly.com +trace command

    09:51:27.591255 IP 72.246.46.129.53 > xxx.xxx.xxx.xxx.22371: UDP, length 63
    09:51:27.592186 IP xxx.xxx.xxx.xxx.13656 > 23.61.199.64.53: UDP, length 44
    09:51:27.596218 IP 192.5.5.241.53 > xxx.xxx.xxx.xxx.17958: UDP, length 786
    09:51:27.596325 IP 199.19.56.1.53 > xxx.xxx.xxx.xxx.51001: UDP, length 1021
    09:51:27.596694 IP xxx.xxx.xxx.xxx.28502 > 43.230.48.1.53: UDP, length 34
    09:51:27.597226 IP xxx.xxx.xxx.xxx.54324 > 2.16.130.131.53: UDP, length 47
    09:51:27.598180 IP 84.53.139.66.53 > xxx.xxx.xxx.xxx.17594: UDP, length 113
    09:51:27.598532 IP xxx.xxx.xxx.xxx.50451 > 23.211.132.65.53: UDP, length 54
    09:51:27.602183 IP 23.211.133.131.53 > xxx.xxx.xxx.xxx.61509: UDP, length 62
    09:51:27.602257 IP 184.26.161.130.53 > xxx.xxx.xxx.xxx.19037: UDP, length 63
    09:51:27.604184 IP 217.160.81.195.53 > xxx.xxx.xxx.xxx.27810: UDP, length 62
    09:51:27.605758 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.36489: UDP, length 62
    09:51:27.605868 IP 192.41.162.30.53 > xxx.xxx.xxx.xxx.37184: UDP, length 745
    09:51:27.606422 IP xxx.xxx.xxx.xxx.28094 > 217.160.82.194.53: UDP, length 46
    09:51:27.606709 IP xxx.xxx.xxx.xxx.42365 > 217.160.81.195.53: UDP, length 46
    09:51:27.607408 IP 192.42.93.30.53 > xxx.xxx.xxx.xxx.64205: UDP, length 1374
    09:51:27.608006 IP xxx.xxx.xxx.xxx.10823 > 199.7.91.13.53: UDP, length 47
    09:51:27.608960 IP 96.7.49.129.53 > xxx.xxx.xxx.xxx.29227: UDP, length 109
    09:51:27.609059 IP 193.108.88.128.53 > xxx.xxx.xxx.xxx.24107: UDP, length 116
    09:51:27.609384 IP xxx.xxx.xxx.xxx.58014 > 2.22.230.130.53: UDP, length 65
    09:51:27.610087 IP xxx.xxx.xxx.xxx.29106 > 193.108.88.128.53: UDP, length 58
    09:51:27.610604 IP 199.249.112.1.53 > xxx.xxx.xxx.xxx.24105: UDP, length 1021
    09:51:27.611073 IP xxx.xxx.xxx.xxx.59245 > 2.16.130.131.53: UDP, length 47
    09:51:27.612161 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.4652: UDP, length 62
    09:51:27.612257 IP 23.74.25.128.53 > xxx.xxx.xxx.xxx.35281: UDP, length 63
    09:51:27.612334 IP 95.100.168.128.53 > xxx.xxx.xxx.xxx.35288: UDP, length 63
    09:51:27.614307 IP 216.239.34.10.53 > xxx.xxx.xxx.xxx.56661: UDP, length 64
    09:51:27.615835 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.30538: UDP, length 62
    09:51:27.615934 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.29119: UDP, length 62
    09:51:27.616010 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.26764: UDP, length 62
    09:51:27.616110 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.35771: UDP, length 62
    09:51:27.616185 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.32909: UDP, length 62
    09:51:27.617363 IP 217.160.81.195.53 > xxx.xxx.xxx.xxx.21281: UDP, length 62
    09:51:27.617460 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.13681: UDP, length 62
    09:51:27.626193 IP 216.239.34.10.53 > xxx.xxx.xxx.xxx.48475: UDP, length 71
    09:51:27.630169 IP 23.211.132.65.53 > xxx.xxx.xxx.xxx.50451: UDP, length 113
    09:51:27.630273 IP 81.91.164.5.53 > xxx.xxx.xxx.xxx.47478: UDP, length 691
    09:51:27.630882 IP xxx.xxx.xxx.xxx.29570 > 217.160.80.193.53: UDP, length 45
    09:51:27.630885 IP xxx.xxx.xxx.xxx.42631 > 95.100.168.130.53: UDP, length 51
    09:51:27.631227 IP xxx.xxx.xxx.xxx.24142 > 217.160.81.196.53: UDP, length 45
    09:51:27.631510 IP xxx.xxx.xxx.xxx.48389 > 217.160.82.194.53: UDP, length 45
    09:51:27.631761 IP xxx.xxx.xxx.xxx.35040 > 217.160.80.193.53: UDP, length 45
    09:51:27.634252 IP 199.7.91.13.53 > xxx.xxx.xxx.xxx.10823: UDP, length 825
    09:51:27.636334 IP xxx.xxx.xxx.xxx.10416 > 192.112.36.4.53: UDP, length 47
    09:51:27.637532 IP 77.67.63.105.53 > xxx.xxx.xxx.xxx.45244: UDP, length 691
    09:51:27.637936 IP xxx.xxx.xxx.xxx.56311 > 217.160.80.193.53: UDP, length 45
    09:51:27.638203 IP xxx.xxx.xxx.xxx.49832 > 217.160.82.195.53: UDP, length 45
    09:51:27.638558 IP xxx.xxx.xxx.xxx.45100 > 217.160.80.193.53: UDP, length 45
    09:51:27.638841 IP xxx.xxx.xxx.xxx.40751 > 217.160.81.196.53: UDP, length 45
    09:51:27.639090 IP xxx.xxx.xxx.xxx.15400 > 217.160.80.193.53: UDP, length 45
    09:51:27.640279 IP 192.33.14.30.53 > xxx.xxx.xxx.xxx.54683: UDP, length 861
    09:51:27.640641 IP xxx.xxx.xxx.xxx.42994 > 205.251.193.222.53: UDP, length 49
    09:51:27.641838 IP 23.61.199.64.53 > xxx.xxx.xxx.xxx.13656: UDP, length 75
    09:51:27.642357 IP xxx.xxx.xxx.xxx.50850 > 23.211.133.65.53: UDP, length 57
    09:51:27.643439 IP 217.160.81.195.53 > xxx.xxx.xxx.xxx.42365: UDP, length 62
    09:51:27.643538 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.28094: UDP, length 62
    09:51:27.651518 IP 193.108.88.128.53 > xxx.xxx.xxx.xxx.6554: UDP, length 119
    09:51:27.651878 IP xxx.xxx.xxx.xxx.18779 > 2.22.230.130.53: UDP, length 63
    09:51:27.652855 IP 192.55.83.30.53 > xxx.xxx.xxx.xxx.30344: UDP, length 860
    09:51:27.653222 IP xxx.xxx.xxx.xxx.60974 > 205.251.192.36.53: UDP, length 49
    09:51:27.654541 IP 96.7.50.128.53 > xxx.xxx.xxx.xxx.20917: UDP, length 62
    09:51:27.656047 IP 205.251.193.222.53 > xxx.xxx.xxx.xxx.42994: UDP, length 335
    09:51:27.656517 IP xxx.xxx.xxx.xxx.59577 > 205.251.194.236.53: UDP, length 61
    09:51:27.656820 IP xxx.xxx.xxx.xxx.29228 > 199.249.120.1.53: UDP, length 42
    09:51:27.657617 IP 2.22.230.67.53 > xxx.xxx.xxx.xxx.64172: UDP, length 60
    09:51:27.660843 IP 95.100.168.130.53 > xxx.xxx.xxx.xxx.42631: UDP, length 78
    09:51:27.661332 IP xxx.xxx.xxx.xxx.51498 > 84.53.139.129.53: UDP, length 55
    09:51:27.664356 IP 194.146.107.6.53 > xxx.xxx.xxx.xxx.63915: UDP, length 691
    09:51:27.664745 IP xxx.xxx.xxx.xxx.7053 > 217.160.80.193.53: UDP, length 45
    09:51:27.669345 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.29570: UDP, length 61
    09:51:27.670896 IP 23.211.133.65.53 > xxx.xxx.xxx.xxx.50850: UDP, length 93
    09:51:27.671397 IP xxx.xxx.xxx.xxx.48083 > 192.55.83.30.53: UDP, length 43
    09:51:27.672499 IP 205.251.192.36.53 > xxx.xxx.xxx.xxx.60974: UDP, length 334
    09:51:27.672595 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.35040: UDP, length 61
    09:51:27.672694 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.48389: UDP, length 61
    09:51:27.672771 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.56311: UDP, length 61
    09:51:27.672870 IP 217.160.81.196.53 > xxx.xxx.xxx.xxx.24142: UDP, length 61
    09:51:27.675649 IP 193.108.88.128.53 > xxx.xxx.xxx.xxx.29106: UDP, length 95
    09:51:27.676171 IP xxx.xxx.xxx.xxx.63756 > 2.22.230.65.53: UDP, length 44
    09:51:27.679194 IP 217.160.82.195.53 > xxx.xxx.xxx.xxx.49832: UDP, length 61
    09:51:27.679295 IP 217.160.81.196.53 > xxx.xxx.xxx.xxx.40751: UDP, length 61
    09:51:27.679370 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.45100: UDP, length 61
    09:51:27.680771 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.15400: UDP, length 61
    09:51:27.682372 IP 2.16.130.131.53 > xxx.xxx.xxx.xxx.8658: UDP, length 63
    09:51:27.685197 IP 84.53.139.129.53 > xxx.xxx.xxx.xxx.51498: UDP, length 82
    09:51:27.685719 IP xxx.xxx.xxx.xxx.51725 > 23.61.199.131.53: UDP, length 63
    09:51:27.688401 IP 205.251.194.236.53 > xxx.xxx.xxx.xxx.59577: UDP, length 326
    09:51:27.690010 IP 2.16.130.131.53 > xxx.xxx.xxx.xxx.33996: UDP, length 63
    09:51:27.691586 IP 192.112.36.4.53 > xxx.xxx.xxx.xxx.10416: UDP, length 825
    09:51:27.692067 IP xxx.xxx.xxx.xxx.23482 > 192.33.4.12.53: UDP, length 47
    09:51:27.693312 IP 199.249.120.1.53 > xxx.xxx.xxx.xxx.29228: UDP, length 805
    09:51:27.693687 IP xxx.xxx.xxx.xxx.32444 > 205.251.196.15.53: UDP, length 50
    09:51:27.698206 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.7053: UDP, length 61
    09:51:27.698273 IP 2.22.230.130.53 > xxx.xxx.xxx.xxx.58014: UDP, length 104
    09:51:27.698984 IP xxx.xxx.xxx.xxx.60192 > 192.5.6.30.53: UDP, length 43
    09:51:27.699784 IP 195.243.137.26.53 > xxx.xxx.xxx.xxx.24580: UDP, length 691
    09:51:27.700132 IP xxx.xxx.xxx.xxx.9782 > 217.160.82.193.53: UDP, length 45
    09:51:27.701374 IP 2.16.130.131.53 > xxx.xxx.xxx.xxx.30060: UDP, length 63
    09:51:27.702983 IP 43.230.48.1.53 > xxx.xxx.xxx.xxx.28502: UDP, length 546
    09:51:27.703322 IP xxx.xxx.xxx.xxx.33833 > 213.248.216.1.53: UDP, length 44
    

  • LAYER 8 Global Moderator

    Open that up in Wireshark and you can see way more info on what is being asked, what is being returned... See my edit in the post above.

    But for example, you see that query to 192.33.4.12 that is one of the root servers.

    ;; QUESTION SECTION:
    ;12.4.33.192.in-addr.arpa.      IN      PTR
    
    ;; ANSWER SECTION:
    12.4.33.192.in-addr.arpa. 10800 IN      PTR     c.root-servers.net.
    


  • @johnpoz
    So that would suggest that things are working right now? Which is good. I will repeat this traffic capture once things go south again.

    I have installed Wireshark, but am not sure how to get my traffic into it from the text file I have. Any pointers there?


  • LAYER 8 Global Moderator

    Not the text that is shown, the download button.

    downloadpcap.jpg



  • Great - got it. Now how do I edit out my IP address prior to posting the output? There does not seem to be any replace function in the UI that I can see.



  • @pfguy2018
    NVM - figured that out
    Here is some of the output from the capture I posted above
    Screen Shot 2020-02-23 at 10.18.30 AM copy.jpg



  • It's a little hard to read the image, but there do appear to be successful queries to the root servers, as expected. So I will repeat this capture once the domain in question stops resolving, to see if there are any differences in the traffic.


  • LAYER 8 Global Moderator

    Exactly, the big question is: are you actually sending the queries and just not getting an answer.. Or are you not sending them at all..

    If it was just something hung up in unbound, you would think a restart of it would fix it... But you're having to reboot... Which makes less sense unless it's something with the actual WAN connection.

    You should always know the IPs of the roots, because you don't have to query for them - it's in the hints file.. So you should always be able to query for the IP of a root server even with no WAN connectivity..

    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: dig h.root-servers.net
    
    ; <<>> DiG 9.12.2-P1 <<>> h.root-servers.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34795
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;h.root-servers.net.            IN      A
    
    ;; ANSWER SECTION:
    h.root-servers.net.     25823   IN      A       198.97.190.53
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Feb 23 09:30:53 CST 2020
    ;; MSG SIZE  rcvd: 63
    

    You should be able to ask unbound this way as well how it would look up the NS for a TLD... When it fails again.. I would check this as well to see what the output is..

    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: unbound-control -c /var/unbound/unbound.conf lookup com
    The following name servers are used for lookup of com.
    ;rrset 80980 13 0 2 0
    com.    80980   IN      NS      b.gtld-servers.net.
    com.    80980   IN      NS      e.gtld-servers.net.
    com.    80980   IN      NS      c.gtld-servers.net.
    com.    80980   IN      NS      h.gtld-servers.net.
    com.    80980   IN      NS      l.gtld-servers.net.
    com.    80980   IN      NS      a.gtld-servers.net.
    com.    80980   IN      NS      k.gtld-servers.net.
    com.    80980   IN      NS      g.gtld-servers.net.
    com.    80980   IN      NS      i.gtld-servers.net.
    com.    80980   IN      NS      f.gtld-servers.net.
    com.    80980   IN      NS      d.gtld-servers.net.
    com.    80980   IN      NS      j.gtld-servers.net.
    com.    80980   IN      NS      m.gtld-servers.net.
    ;rrset 80980 1 1 11 5
    com.    80980   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
    com.    80980   IN      RRSIG   DS 8 1 86400 20200307050000 20200223040000 33853 . sLV0mt5DtczNJfepnGzpEjM5Gctb51i5Spnjk63LfpKu0YiWw160w9zDis/RoclzEKIAQ1wSWJNo04uBOQg7VAQ646bPoEcvSQ2Y7GJap4FqVIdAS3o5pJhKKmqeSVJxQ/aaj1BQAaWEFaU9yIvtnNWL7Lg0wUakZ483FTUxknRzTVHEVhNhnLUdjUcxEId0wEmmrkfsc5yiqRV9fYcOXUEZwFrV8YaoOTKaXKeL69zA2S4CJyXqQMbzFndPEE3/FnIhk3F19JfLgya8kwKTKbX22JJImxbmXA4zMTI8efnhlJ/ZS5QuuPcY2P2r+qVITs2Ibv2gvVBCYJltNxxaEQ== ;{id = 33853}
    ;rrset 25739 1 0 8 3
    m.gtld-servers.net.     25739   IN      A       192.55.83.30
    ;rrset 25739 1 0 8 3
    m.gtld-servers.net.     25739   IN      AAAA    2001:501:b1f9::30
    ;rrset 25738 1 0 8 3
    j.gtld-servers.net.     25738   IN      A       192.48.79.30
    ;rrset 25738 1 0 8 3
    j.gtld-servers.net.     25738   IN      AAAA    2001:502:7094::30
    ;rrset 25737 1 0 8 3
    d.gtld-servers.net.     25737   IN      A       192.31.80.30
    ;rrset 25737 1 0 8 3
    d.gtld-servers.net.     25737   IN      AAAA    2001:500:856e::30
    ;rrset 25737 1 0 8 3
    f.gtld-servers.net.     25737   IN      A       192.35.51.30
    ;rrset 25737 1 0 8 3
    f.gtld-servers.net.     25737   IN      AAAA    2001:503:d414::30
    ;rrset 25738 1 0 8 3
    i.gtld-servers.net.     25738   IN      A       192.43.172.30
    ;rrset 25738 1 0 8 3
    i.gtld-servers.net.     25738   IN      AAAA    2001:503:39c1::30
    ;rrset 25738 1 0 8 3
    g.gtld-servers.net.     25738   IN      A       192.42.93.30
    ;rrset 25738 1 0 8 3
    g.gtld-servers.net.     25738   IN      AAAA    2001:503:eea3::30
    ;rrset 25738 1 0 8 3
    k.gtld-servers.net.     25738   IN      A       192.52.178.30
    ;rrset 25738 1 0 8 3
    k.gtld-servers.net.     25738   IN      AAAA    2001:503:d2d::30
    ;rrset 25737 1 0 8 3
    a.gtld-servers.net.     25737   IN      A       192.5.6.30
    ;rrset 25737 1 0 8 3
    a.gtld-servers.net.     25737   IN      AAAA    2001:503:a83e::2:30
    ;rrset 25738 1 0 8 3
    l.gtld-servers.net.     25738   IN      A       192.41.162.30
    ;rrset 25739 1 0 8 3
    l.gtld-servers.net.     25739   IN      AAAA    2001:500:d937::30
    ;rrset 25738 1 0 8 3
    h.gtld-servers.net.     25738   IN      A       192.54.112.30
    ;rrset 25738 1 0 8 3
    h.gtld-servers.net.     25738   IN      AAAA    2001:502:8cc::30
    ;rrset 25737 1 0 8 3
    c.gtld-servers.net.     25737   IN      A       192.26.92.30
    ;rrset 25737 1 0 8 3
    c.gtld-servers.net.     25737   IN      AAAA    2001:503:83eb::30
    ;rrset 25737 1 0 8 3
    e.gtld-servers.net.     25737   IN      A       192.12.94.30
    ;rrset 25737 1 0 8 3
    e.gtld-servers.net.     25737   IN      AAAA    2001:502:1ca1::30
    ;rrset 25737 1 0 8 3
    b.gtld-servers.net.     25737   IN      A       192.33.14.30
    ;rrset 25737 1 0 8 3
    b.gtld-servers.net.     25737   IN      AAAA    2001:503:231d::2:30
    Delegation with 13 names, of which 0 can be examined to query further addresses.
    It provides 26 IP addresses.
    2001:503:231d::2:30     rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.33.14.30            not in infra cache.
    2001:502:1ca1::30       rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.12.94.30            rto 191 msec, ttl 302, ping 15 var 44 rtt 191, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:503:83eb::30       rto 376 msec, ttl 171, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.26.92.30            rto 183 msec, ttl 302, ping 15 var 42 rtt 183, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:502:8cc::30        not in infra cache.
    192.54.112.30           rto 243 msec, ttl 294, ping 3 var 60 rtt 243, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:500:d937::30       rto 376 msec, ttl 302, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.41.162.30           rto 285 msec, ttl 473, ping 17 var 67 rtt 285, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:503:a83e::2:30     rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.5.6.30              rto 279 msec, ttl 733, ping 7 var 68 rtt 279, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:503:d2d::30        rto 376 msec, ttl 302, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.52.178.30           rto 317 msec, ttl 711, ping 13 var 76 rtt 317, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:503:eea3::30       rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.42.93.30            rto 327 msec, ttl 91, ping 23 var 76 rtt 327, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:503:39c1::30       rto 376 msec, ttl 711, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.43.172.30           rto 214 msec, ttl 268, ping 6 var 52 rtt 214, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:503:d414::30       rto 376 msec, ttl 171, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.35.51.30            rto 365 msec, ttl 473, ping 9 var 89 rtt 365, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:500:856e::30       rto 376 msec, ttl 171, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.31.80.30            rto 238 msec, ttl 302, ping 10 var 57 rtt 238, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:502:7094::30       not in infra cache.
    192.48.79.30            rto 302 msec, ttl 706, ping 2 var 75 rtt 302, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:501:b1f9::30       not in infra cache.
    192.55.83.30            rto 351 msec, ttl 706, ping 7 var 86 rtt 351, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: 
    

    To validate it actually has IPs for roots.

    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: unbound-control -c /var/unbound/unbound.conf lookup .
    The following name servers are used for lookup of .
    ;rrset 80411 13 1 11 5
    .       80411   IN      NS      k.root-servers.net.
    .       80411   IN      NS      b.root-servers.net.
    .       80411   IN      NS      m.root-servers.net.
    .       80411   IN      NS      c.root-servers.net.
    .       80411   IN      NS      d.root-servers.net.
    .       80411   IN      NS      l.root-servers.net.
    .       80411   IN      NS      h.root-servers.net.
    .       80411   IN      NS      j.root-servers.net.
    .       80411   IN      NS      g.root-servers.net.
    .       80411   IN      NS      e.root-servers.net.
    .       80411   IN      NS      f.root-servers.net.
    .       80411   IN      NS      a.root-servers.net.
    .       80411   IN      NS      i.root-servers.net.
    .       80411   IN      RRSIG   NS 8 0 518400 20200307050000 20200223040000 33853 . OywKX+NljD5Qsir5p4YY6Cz4raE6/1M5peyPyBymFCakHkG2tKG6u8k70cjNe/VAyYG0JPkqOFJ7I4+gzCqODab/8Vc18hClQ3XO6yj5IsdWcl5w+GgI7DFO5Tk7Bhx/5HqCNEXrmiCr8u1qvry0cdgmOO8iYvMDSXnT4FlGt49DIr4msrRU6Fsr0yjamoBVdcEaQwU9KDptzbMDnqJVL2FYGnpftrVanszm6Vs8q2iZivNlmTL1b2QKFidqI8DLs6V2yIPMbCOHFdAwlfw6LpWUaQhUxmxdsfBn28QUonZTUz/BOWpzWRmXDb2TDo1ofUkoOLvj7pHJvC7JEt07Zg== ;{id = 33853}
    ;rrset 25166 1 0 8 3
    i.root-servers.net.     25166   IN      A       192.36.148.17
    ;rrset 25166 1 0 8 3
    i.root-servers.net.     25166   IN      AAAA    2001:7fe::53
    ;rrset 25167 1 0 8 3
    a.root-servers.net.     25167   IN      A       198.41.0.4
    ;rrset 25167 1 0 8 3
    a.root-servers.net.     25167   IN      AAAA    2001:503:ba3e::2:30
    ;rrset 25166 1 0 8 3
    f.root-servers.net.     25166   IN      A       192.5.5.241
    ;rrset 25166 1 0 8 3
    f.root-servers.net.     25166   IN      AAAA    2001:500:2f::f
    ;rrset 25165 1 0 8 3
    e.root-servers.net.     25165   IN      A       192.203.230.10
    ;rrset 25165 1 0 8 3
    e.root-servers.net.     25165   IN      AAAA    2001:500:a8::e
    ;rrset 25166 1 0 8 3
    g.root-servers.net.     25166   IN      A       192.112.36.4
    ;rrset 25166 1 0 8 3
    g.root-servers.net.     25166   IN      AAAA    2001:500:12::d0d
    ;rrset 25167 1 0 8 3
    j.root-servers.net.     25167   IN      A       192.58.128.30
    ;rrset 25167 1 0 8 3
    j.root-servers.net.     25167   IN      AAAA    2001:503:c27::2:30
    ;rrset 25164 1 0 8 3
    h.root-servers.net.     25164   IN      A       198.97.190.53
    ;rrset 25164 1 0 8 3
    h.root-servers.net.     25164   IN      AAAA    2001:500:1::53
    ;rrset 25167 1 0 8 3
    l.root-servers.net.     25167   IN      A       199.7.83.42
    ;rrset 25167 1 0 8 3
    l.root-servers.net.     25167   IN      AAAA    2001:500:9f::42
    ;rrset 25167 1 0 8 3
    d.root-servers.net.     25167   IN      A       199.7.91.13
    ;rrset 25167 1 0 8 3
    d.root-servers.net.     25167   IN      AAAA    2001:500:2d::d
    ;rrset 25165 1 0 8 3
    c.root-servers.net.     25165   IN      A       192.33.4.12
    ;rrset 25166 1 0 8 3
    c.root-servers.net.     25166   IN      AAAA    2001:500:2::c
    ;rrset 25165 1 0 8 3
    m.root-servers.net.     25165   IN      A       202.12.27.33
    ;rrset 25165 1 0 8 3
    m.root-servers.net.     25165   IN      AAAA    2001:dc3::35
    ;rrset 25166 1 0 8 3
    b.root-servers.net.     25166   IN      A       199.9.14.201
    ;rrset 25167 1 0 8 3
    b.root-servers.net.     25167   IN      AAAA    2001:500:200::b
    ;rrset 25165 1 0 8 3
    k.root-servers.net.     25165   IN      A       193.0.14.129
    ;rrset 25165 1 0 8 3
    k.root-servers.net.     25165   IN      AAAA    2001:7fd::1
    Delegation with 13 names, of which 0 can be examined to query further addresses.
    It provides 26 IP addresses.
    2001:7fd::1             rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    193.0.14.129            not in infra cache.
    2001:500:200::b         not in infra cache.
    199.9.14.201            rto 369 msec, ttl 481, ping 9 var 90 rtt 369, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:dc3::35            rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    202.12.27.33            not in infra cache.
    2001:500:2::c           not in infra cache.
    192.33.4.12             not in infra cache.
    2001:500:2d::d          not in infra cache.
    199.7.91.13             not in infra cache.
    2001:500:9f::42         rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    199.7.83.42             rto 356 msec, ttl 751, ping 8 var 87 rtt 356, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:500:1::53          not in infra cache.
    198.97.190.53           not in infra cache.
    2001:503:c27::2:30      rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
    192.58.128.30           not in infra cache.
    2001:500:12::d0d        not in infra cache.
    192.112.36.4            rto 328 msec, ttl 751, ping 4 var 81 rtt 328, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:500:a8::e          not in infra cache.
    192.203.230.10          not in infra cache.
    2001:500:2f::f          not in infra cache.
    192.5.5.241             rto 320 msec, ttl 751, ping 4 var 79 rtt 320, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:503:ba3e::2:30     not in infra cache.
    198.41.0.4              rto 256 msec, ttl 228, ping 4 var 63 rtt 256, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:7fe::53            not in infra cache.
    192.36.148.17           not in infra cache.
    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: 
    


  • @johnpoz said in Strange issue - not sure how to fix:

    unbound-control -c /var/unbound/unbound.conf lookup .

    Yes, when I run those commands, I get very similar output to what you posted, as I should. So I will wait for the next time that domains stop resolving, and run everything again, and then post the results. Unfortunately, I have no idea when that will occur.



  • It happened again and I was able to run the various commands you listed above and perform a packet capture.

    ; <<>> DiG 9.12.2-P1 <<>> h.root-servers.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56121
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;h.root-servers.net.		IN	A
    
    ;; ANSWER SECTION:
    h.root-servers.net.	86400	IN	A	198.97.190.53
    
    ;; Query time: 158 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Feb 23 16:18:59 EST 2020
    ;; MSG SIZE  rcvd: 63
    
    The following name servers are used for lookup of com.
    ;rrset 85352 13 0 2 0
    com.	85352	IN	NS	a.gtld-servers.net.
    com.	85352	IN	NS	b.gtld-servers.net.
    com.	85352	IN	NS	c.gtld-servers.net.
    com.	85352	IN	NS	d.gtld-servers.net.
    com.	85352	IN	NS	e.gtld-servers.net.
    com.	85352	IN	NS	f.gtld-servers.net.
    com.	85352	IN	NS	g.gtld-servers.net.
    com.	85352	IN	NS	h.gtld-servers.net.
    com.	85352	IN	NS	i.gtld-servers.net.
    com.	85352	IN	NS	j.gtld-servers.net.
    com.	85352	IN	NS	k.gtld-servers.net.
    com.	85352	IN	NS	l.gtld-servers.net.
    com.	85352	IN	NS	m.gtld-servers.net.
    ;rrset 85352 1 1 11 5
    com.	85352	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
    com.	85352	IN	RRSIG	DS 8 1 86400 20200307170000 20200223160000 33853 . AkoMkh2radmKCnXu8NeiINg3AlAYfHvuZORUApNH96ZCtOkPZ0vxFgdwnls009OkPO2IYeUuIySROSJNSPc9Ukj/ybot7AyjAv6brrTcYVCg0KvPPSaFLwBCHXuJdUNlIF8xhxv73/gFBEcGThLAmxfeRk2lpODXeXNDbZ9GPnWVeC2KVwEeL22JfBcBmpAxEhNLnufgPLR5Kv9aY+O7cleHDuRpQa4qNSEBgF/88ugrpNdixNx+5FO6Nl7mZRdPjSr97H6EH/aCvlzPMGl7bPVtT/7A9T943yQP4kMznxVRSMNXSMimarzRJhmM0ZE5H1qwUTi+UoeMjBq+mJHmBA== ;{id = 33853}
    ;rrset 85352 1 0 1 0
    m.gtld-servers.net.	85352	IN	A	192.55.83.30
    ;rrset 85352 1 0 1 0
    m.gtld-servers.net.	85352	IN	AAAA	2001:501:b1f9::30
    ;rrset 85352 1 0 1 0
    l.gtld-servers.net.	85352	IN	A	192.41.162.30
    ;rrset 85352 1 0 1 0
    l.gtld-servers.net.	85352	IN	AAAA	2001:500:d937::30
    ;rrset 85352 1 0 1 0
    k.gtld-servers.net.	85352	IN	A	192.52.178.30
    ;rrset 85352 1 0 1 0
    k.gtld-servers.net.	85352	IN	AAAA	2001:503:d2d::30
    ;rrset 85352 1 0 1 0
    j.gtld-servers.net.	85352	IN	A	192.48.79.30
    ;rrset 85352 1 0 1 0
    j.gtld-servers.net.	85352	IN	AAAA	2001:502:7094::30
    ;rrset 85352 1 0 1 0
    i.gtld-servers.net.	85352	IN	A	192.43.172.30
    ;rrset 85352 1 0 1 0
    i.gtld-servers.net.	85352	IN	AAAA	2001:503:39c1::30
    ;rrset 85352 1 0 1 0
    h.gtld-servers.net.	85352	IN	A	192.54.112.30
    ;rrset 85352 1 0 1 0
    h.gtld-servers.net.	85352	IN	AAAA	2001:502:8cc::30
    ;rrset 85352 1 0 1 0
    g.gtld-servers.net.	85352	IN	A	192.42.93.30
    ;rrset 85352 1 0 1 0
    g.gtld-servers.net.	85352	IN	AAAA	2001:503:eea3::30
    ;rrset 85352 1 0 1 0
    f.gtld-servers.net.	85352	IN	A	192.35.51.30
    ;rrset 85352 1 0 1 0
    f.gtld-servers.net.	85352	IN	AAAA	2001:503:d414::30
    ;rrset 85352 1 0 1 0
    e.gtld-servers.net.	85352	IN	A	192.12.94.30
    ;rrset 85352 1 0 1 0
    e.gtld-servers.net.	85352	IN	AAAA	2001:502:1ca1::30
    ;rrset 85352 1 0 1 0
    d.gtld-servers.net.	85352	IN	A	192.31.80.30
    ;rrset 85352 1 0 1 0
    d.gtld-servers.net.	85352	IN	AAAA	2001:500:856e::30
    ;rrset 85352 1 0 1 0
    c.gtld-servers.net.	85352	IN	A	192.26.92.30
    ;rrset 85352 1 0 1 0
    c.gtld-servers.net.	85352	IN	AAAA	2001:503:83eb::30
    ;rrset 85352 1 0 1 0
    b.gtld-servers.net.	85352	IN	A	192.33.14.30
    ;rrset 85352 1 0 1 0
    b.gtld-servers.net.	85352	IN	AAAA	2001:503:231d::2:30
    ;rrset 85352 1 0 1 0
    a.gtld-servers.net.	85352	IN	A	192.5.6.30
    ;rrset 85352 1 0 1 0
    a.gtld-servers.net.	85352	IN	AAAA	2001:503:a83e::2:30
    Delegation with 13 names, of which 0 can be examined to query further addresses.
    It provides 26 IP addresses.
    2001:503:a83e::2:30	not in infra cache.
    192.5.6.30      	rto 307 msec, ttl 574, ping 19 var 72 rtt 307, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:503:231d::2:30	not in infra cache.
    192.33.14.30    	rto 347 msec, ttl 735, ping 7 var 85 rtt 347, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:503:83eb::30	not in infra cache.
    192.26.92.30    	not in infra cache.
    2001:500:856e::30	not in infra cache.
    192.31.80.30    	rto 197 msec, ttl 244, ping 37 var 40 rtt 197, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:502:1ca1::30	not in infra cache.
    192.12.94.30    	not in infra cache.
    2001:503:d414::30	not in infra cache.
    192.35.51.30    	not in infra cache.
    2001:503:eea3::30	not in infra cache.
    192.42.93.30    	rto 123 msec, ttl 152, ping 23 var 25 rtt 123, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:502:8cc::30	not in infra cache.
    192.54.112.30   	rto 324 msec, ttl 635, ping 4 var 80 rtt 324, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:503:39c1::30	not in infra cache.
    192.43.172.30   	rto 298 msec, ttl 573, ping 10 var 72 rtt 298, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:502:7094::30	not in infra cache.
    192.48.79.30    	rto 752 msec, ttl 384, ping 0 var 94 rtt 376, tA 1, tAAAA 0, tother 0, EDNS 0 assumed.
    2001:503:d2d::30	not in infra cache.
    192.52.178.30   	rto 360 msec, ttl 574, ping 8 var 88 rtt 360, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:500:d937::30	not in infra cache.
    192.41.162.30   	rto 356 msec, ttl 736, ping 8 var 87 rtt 356, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:501:b1f9::30	not in infra cache.
    192.55.83.30    	rto 336 msec, ttl 551, ping 24 var 78 rtt 336, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    
    The following name servers are used for lookup of .
    ;rrset 85317 13 1 8 0
    .	85317	IN	NS	m.root-servers.net.
    .	85317	IN	NS	b.root-servers.net.
    .	85317	IN	NS	c.root-servers.net.
    .	85317	IN	NS	d.root-servers.net.
    .	85317	IN	NS	e.root-servers.net.
    .	85317	IN	NS	f.root-servers.net.
    .	85317	IN	NS	g.root-servers.net.
    .	85317	IN	NS	h.root-servers.net.
    .	85317	IN	NS	a.root-servers.net.
    .	85317	IN	NS	i.root-servers.net.
    .	85317	IN	NS	j.root-servers.net.
    .	85317	IN	NS	k.root-servers.net.
    .	85317	IN	NS	l.root-servers.net.
    .	85317	IN	RRSIG	NS 8 0 518400 20200307170000 20200223160000 33853 . GN9hZh6mOFruU2IWiP4EIvALgU6uQLlXo748wScmwsJYCcmPiPFT6y2qNnsJfg06OrI2qhZueL0NNtcZ5W9hGLFff3nzUcOETUnEWcbW4MwIRWDxVQ4MVMmsnIhWM3BCQdA5hG0eIALwJ+9q3aUe+lHhORN98lpYxfs+tx73A+GgmNZUm4Coz44hmhJ6G+mM0mYsMLZ1oAvDH/exgo/VExwEA9P3xyRQb5H09yJdc0cdmygbD8R1L/yjyQUlnyKLOC8ZQ3bpei9NKRXWqv5p29cnpwt4AiaAuZNkCVQA9SIWIKdFVrBh40NsO+RDpEcmh84r30wTVm+qYGT4PItLag== ;{id = 33853}
    ;rrset 85317 1 0 3 3
    l.root-servers.net.	85317	IN	A	199.7.83.42
    ;rrset 85317 1 0 3 3
    l.root-servers.net.	85317	IN	AAAA	2001:500:9f::42
    ;rrset 85317 1 0 3 3
    k.root-servers.net.	85317	IN	A	193.0.14.129
    ;rrset 85317 1 0 3 3
    k.root-servers.net.	85317	IN	AAAA	2001:7fd::1
    ;rrset 85317 1 0 3 3
    j.root-servers.net.	85317	IN	A	192.58.128.30
    ;rrset 85317 1 0 3 3
    j.root-servers.net.	85317	IN	AAAA	2001:503:c27::2:30
    ;rrset 85317 1 0 3 3
    i.root-servers.net.	85317	IN	A	192.36.148.17
    ;rrset 85317 1 0 3 3
    i.root-servers.net.	85317	IN	AAAA	2001:7fe::53
    ;rrset 85317 1 0 3 3
    a.root-servers.net.	85317	IN	A	198.41.0.4
    ;rrset 85317 1 0 3 3
    a.root-servers.net.	85317	IN	AAAA	2001:503:ba3e::2:30
    ;rrset 86325 1 0 8 3
    h.root-servers.net.	86325	IN	A	198.97.190.53
    ;rrset 85317 1 0 3 3
    h.root-servers.net.	85317	IN	AAAA	2001:500:1::53
    ;rrset 85317 1 0 3 3
    g.root-servers.net.	85317	IN	A	192.112.36.4
    ;rrset 85317 1 0 3 3
    g.root-servers.net.	85317	IN	AAAA	2001:500:12::d0d
    ;rrset 85317 1 0 3 3
    f.root-servers.net.	85317	IN	A	192.5.5.241
    ;rrset 85317 1 0 3 3
    f.root-servers.net.	85317	IN	AAAA	2001:500:2f::f
    ;rrset 85317 1 0 3 3
    e.root-servers.net.	85317	IN	A	192.203.230.10
    ;rrset 85317 1 0 3 3
    e.root-servers.net.	85317	IN	AAAA	2001:500:a8::e
    ;rrset 85317 1 0 3 3
    d.root-servers.net.	85317	IN	A	199.7.91.13
    ;rrset 85317 1 0 3 3
    d.root-servers.net.	85317	IN	AAAA	2001:500:2d::d
    ;rrset 85317 1 0 3 3
    c.root-servers.net.	85317	IN	A	192.33.4.12
    ;rrset 85317 1 0 3 3
    c.root-servers.net.	85317	IN	AAAA	2001:500:2::c
    ;rrset 85317 1 0 3 3
    b.root-servers.net.	85317	IN	A	199.9.14.201
    ;rrset 85317 1 0 3 3
    b.root-servers.net.	85317	IN	AAAA	2001:500:200::b
    ;rrset 85317 1 0 3 3
    m.root-servers.net.	85317	IN	A	202.12.27.33
    ;rrset 85317 1 0 3 3
    m.root-servers.net.	85317	IN	AAAA	2001:dc3::35
    Delegation with 13 names, of which 0 can be examined to query further addresses.
    It provides 26 IP addresses.
    2001:dc3::35    	not in infra cache.
    202.12.27.33    	expired, rto 62969312 msec, tA 2 tAAAA 0 tother 0.
    2001:500:200::b 	not in infra cache.
    199.9.14.201    	expired, rto 62969312 msec, tA 1 tAAAA 0 tother 0.
    2001:500:2::c   	not in infra cache.
    192.33.4.12     	rto 210 msec, ttl 110, ping 18 var 48 rtt 210, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:500:2d::d  	not in infra cache.
    199.7.91.13     	not in infra cache.
    2001:500:a8::e  	not in infra cache.
    192.203.230.10  	not in infra cache.
    2001:500:2f::f  	not in infra cache.
    192.5.5.241     	rto 287 msec, ttl 499, ping 7 var 70 rtt 287, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:500:12::d0d	not in infra cache.
    192.112.36.4    	not in infra cache.
    2001:500:1::53  	not in infra cache.
    198.97.190.53   	not in infra cache.
    2001:503:ba3e::2:30	not in infra cache.
    198.41.0.4      	not in infra cache.
    2001:7fe::53    	not in infra cache.
    192.36.148.17   	not in infra cache.
    2001:503:c27::2:30	not in infra cache.
    192.58.128.30   	rto 328 msec, ttl 642, ping 4 var 81 rtt 328, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
    2001:7fd::1     	not in infra cache.
    193.0.14.129    	not in infra cache.
    2001:500:9f::42 	not in infra cache.
    199.7.83.42     	not in infra cache.
    
    ; <<>> DiG 9.12.2-P1 <<>> feedly.com +trace
    ;; global options: +cmd
    .			85262	IN	NS	m.root-servers.net.
    .			85262	IN	NS	b.root-servers.net.
    .			85262	IN	NS	c.root-servers.net.
    .			85262	IN	NS	d.root-servers.net.
    .			85262	IN	NS	e.root-servers.net.
    .			85262	IN	NS	f.root-servers.net.
    .			85262	IN	NS	g.root-servers.net.
    .			85262	IN	NS	h.root-servers.net.
    .			85262	IN	NS	a.root-servers.net.
    .			85262	IN	NS	i.root-servers.net.
    .			85262	IN	NS	j.root-servers.net.
    .			85262	IN	NS	k.root-servers.net.
    .			85262	IN	NS	l.root-servers.net.
    .			85262	IN	RRSIG	NS 8 0 518400 20200307170000 20200223160000 33853 . GN9hZh6mOFruU2IWiP4EIvALgU6uQLlXo748wScmwsJYCcmPiPFT6y2q NnsJfg06OrI2qhZueL0NNtcZ5W9hGLFff3nzUcOETUnEWcbW4MwIRWDx VQ4MVMmsnIhWM3BCQdA5hG0eIALwJ+9q3aUe+lHhORN98lpYxfs+tx73 A+GgmNZUm4Coz44hmhJ6G+mM0mYsMLZ1oAvDH/exgo/VExwEA9P3xyRQ b5H09yJdc0cdmygbD8R1L/yjyQUlnyKLOC8ZQ3bpei9NKRXWqv5p29cn pwt4AiaAuZNkCVQA9SIWIKdFVrBh40NsO+RDpEcmh84r30wTVm+qYGT4 PItLag==
    ;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
    
    ;; connection timed out; no servers could be reached
    

    Screen Shot 2020-02-23 at 4.26.46 PM copy 2.jpg

    What can I learn from all this?
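
Added example, not part of the thread: the address lines at the end of each `unbound-control ... lookup` listing are where the working and failing runs above differ (entries marked `expired`, non-zero `tA` counters). This sh function reduces that output to the addresses that are expired or have a non-zero timeout counter (`tA`, `tAAAA`, `tother`) and appends a summary line; the function names and output format are assumptions, and the sample lines are excerpted from the listings above.

```shell
#!/bin/sh
# Added example (not from the thread). Run under sh, e.g. on the firewall:
#   unbound-control -c /var/unbound/unbound.conf lookup . | infra_report

# Read "unbound-control lookup" output on stdin.
# Print one line per address that is expired or has timeouts recorded,
# then a final "summary" line with the count of each state.
infra_report() {
    awk '
    # Infra-cache lines start with an IPv4 or IPv6 address; RR lines start with a name.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $1 ~ /^[0-9a-fA-F]*:[0-9a-fA-F:]+$/ {
        if ($2 == "not") { uncached++; next }        # "not in infra cache."
        if ($2 == "expired,") { state = "expired"; expired++ }
        else                  { state = "live";    live++ }

        rto = 0; timeouts = 0
        for (i = 2; i < NF; i++) {
            v = $(i + 1); gsub(/[^0-9]/, "", v)      # strip trailing "," or "."
            if ($i == "rto") rto = v + 0
            if ($i == "tA" || $i == "tAAAA" || $i == "tother") timeouts += v
        }
        if (state == "expired" || timeouts > 0)
            printf "%s %s rto_ms=%d timeouts=%d\n", $1, state, rto, timeouts
    }
    END { printf "summary live=%d expired=%d uncached=%d\n", live, expired, uncached }'
}

# Sample input: lines excerpted from the two lookup listings in the post above
# (whitespace normalised to spaces).
sample_lookup_output() {
    cat <<'EOF'
The following name servers are used for lookup of .
;rrset 85317 1 0 3 3
m.root-servers.net. 85317 IN A 202.12.27.33
Delegation with 13 names, of which 0 can be examined to query further addresses.
It provides 26 IP addresses.
2001:dc3::35     not in infra cache.
202.12.27.33     expired, rto 62969312 msec, tA 2 tAAAA 0 tother 0.
199.9.14.201     expired, rto 62969312 msec, tA 1 tAAAA 0 tother 0.
192.33.4.12      rto 210 msec, ttl 110, ping 18 var 48 rtt 210, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
192.5.5.241      rto 287 msec, ttl 499, ping 7 var 70 rtt 287, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
192.48.79.30     rto 752 msec, ttl 384, ping 0 var 94 rtt 376, tA 1, tAAAA 0, tother 0, EDNS 0 assumed.
EOF
}

sample_lookup_output | infra_report
```

Saving the report from a working run and comparing it with one taken during a failure shows which upstream servers the resolver has stopped getting answers from.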


  • LAYER 8 Global Moderator

    Did you set that public IP to resolve as local?

    Where are the queries to and from the .com servers?.. I only see queries for the root servers?

    You prob want to set number of packets to capture to 0 vs just the 100..



  • @johnpoz said in Strange issue - not sure how to fix:

    Did you set that public IP to resolve as local?

    Yes - to obscure my IP address. Wherever it says "local", it originally listed my IP address.

    Where are the queries to and from the .com servers?.. I only see queries for the root servers?

    Not sure. But the packet capture was taken while I ran the command dig feedly.com +trace. I ran it again while trying to browse to feedly.com - results below.

    You prob want to set number of packets to capture to 0 vs just the 100..

    Done below

    Screen Shot 2020-02-23 at 4.49.10 PM copy.jpg


  • LAYER 8 Global Moderator

    That image is too small for me to make out anything.

    Looks like you have some queries for fox.com - but I don't see anything to the Cloudflare NS that are for feedly.com.

