Strange issue - not sure how to fix

pfguy2018

Doing that, how do I check if the root servers are being queried?

johnpoz

Well query something ;) While your sniffing..

pfguy2018

OK, now I just have to wait for the DNS resolution to start failing again before I sniff the traffic. Will report back later.

johnpoz

You sniff now right to get a feel for what sort of traffic you see, etc. When its working...

You might want to grab say wireshark for your pc, so you can load the capture into that - download on the diag page.. This will give you way more insight and details of what is going on.. But really your just wanting to see that hey the query went out.. Did you or did you not get an answer..

What you were showing you were having timeouts..

pfguy2018

I am trying to post the traffic output, but it is being flagged as spam by the software running the forum, and I can't post it.

pfguy2018

08:57:57.060415 ARP, Request who-has 99.228.243.128 tell 99.228.242.1, length 46
08:57:57.071807 IP xxx.xxx.xxx.xxx > 99.228.144.1: ICMP echo request, id 42349, seq 6292, length 8
08:57:57.082227 IP 99.228.144.1 > xxx.xxx.xxx.xxx: ICMP echo reply, id 42349, seq 6292, length 8
08:57:57.084566 IP xxx.xxx.xxx.xxx.23495 > 24.156.130.43.80: tcp 442
08:57:57.092988 IP 24.156.130.43.80 > xxx.xxx.xxx.xxx.23495: tcp 0
08:57:57.097414 ARP, Request who-has 206.188.75.254 tell 206.188.75.225, length 46
08:57:57.100039 IP 24.156.130.43.80 > xxx.xxx.xxx.xxx.23495: tcp 1448
08:57:57.100058 IP 24.156.130.43.80 > xxx.xxx.xxx.xxx.23495: tcp 572
08:57:57.101500 IP xxx.xxx.xxx.xxx.23495 > 24.156.130.43.80: tcp 0
08:57:57.115341 ARP, Request who-has 99.228.195.183 tell 99.228.194.1, length 46
08:57:57.132347 ARP, Request who-has 209.142.43.80 tell 209.142.43.65, length 46
08:57:57.136346 ARP, Request who-has 104.158.199.48 tell 104.158.199.33, length 46
08:57:57.153353 ARP, Request who-has 72.53.212.137 tell 72.53.212.129, length 46
08:57:57.155347 ARP, Request who-has 99.228.150.0 tell 99.228.150.1, length 46
08:57:57.157348 ARP, Request who-has 135.23.223.90 tell 135.23.223.65, length 46
08:57:57.176453 ARP, Request who-has 108.168.98.253 tell 108.168.98.225, length 46
08:57:57.183379 ARP, Request who-has 99.228.197.247 tell 99.228.196.1, length 46
08:57:57.189359 ARP, Request who-has 99.228.237.142 tell 99.228.236.1, length 46
08:57:57.190311 IP xxx.xxx.xxx.xxx.24725 > 151.101.126.99.443: tcp 111
08:57:57.192357 ARP, Request who-has 99.228.237.217 tell 99.228.236.1, length 46
08:57:57.202537 IP 151.101.126.99.443 > xxx.xxx.xxx.xxx.24725: tcp 1448
08:57:57.202631 IP 151.101.126.99.443 > xxx.xxx.xxx.xxx.24725: tcp 1340
08:57:57.202682 IP 151.101.126.99.443 > xxx.xxx.xxx.xxx.24725: tcp 1448
08:57:57.202876 IP 151.101.126.99.443 > xxx.xxx.xxx.xxx.24725: tcp 1340

pfguy2018

I was able to post part of it above. Not sure if it contains any useful info.

johnpoz

None of that is dns... Port 53 is dns..

This is dns traffic

08:51:11.915816 IP 64.53.xxx.xxx.1499 > 204.13.251.3.53: UDP, length 47
08:51:11.916510 IP 64.53.xxx.xxx.24691 > 208.78.71.3.53: UDP, length 47
08:51:11.918974 IP 64.53.xxx.xxx.63171 > 208.80.125.4.53: UDP, length 46
08:51:11.919863 IP 64.53.xxx.xxx.29586 > 208.80.126.4.53: UDP, length 46
08:51:11.943785 IP 208.80.126.4.53 > 64.53.xxx.xxx.29586: UDP, length 92
08:51:11.944094 IP 64.53.xxx.xxx.26752 > 192.229.254.5.53: UDP, length 47
08:51:11.945081 IP 208.80.125.4.53 > 64.53.xxx.xxx.63171: UDP, length 95
08:51:11.945275 IP 64.53.xxx.xxx.34945 > 72.21.80.6.53: UDP, length 47
08:51:11.945456 IP 208.78.71.3.53 > 64.53.xxx.xxx.24691: UDP, length 116
08:51:11.945733 IP 64.53.xxx.xxx.29783 > 208.80.125.4.53: UDP, length 46
08:51:11.959085 IP 204.13.251.3.53 > 64.53.xxx.xxx.1499: UDP, length 116
08:51:11.959591 IP 64.53.xxx.xxx.2756 > 208.80.125.4.53: UDP, length 46
08:51:11.963659 IP 192.229.254.5.53 > 64.53.xxx.xxx.26752: UDP, length 63
08:51:11.963870 IP 64.53.xxx.xxx.11652 > 192.229.254.6.53: UDP, length 47
08:51:11.969938 IP 208.80.125.4.53 > 64.53.xxx.xxx.29783: UDP, length 95
08:51:11.970255 IP 64.53.xxx.xxx.42952 > 192.229.254.6.53: UDP, length 47
08:51:11.971483 IP 72.21.80.6.53 > 64.53.xxx.xxx.34945: UDP, length 63
08:51:11.971721 IP 64.53.xxx.xxx.23430 > 72.21.80.6.53: UDP, length 47
08:51:11.976236 IP 208.80.125.4.53 > 64.53.xxx.xxx.2756: UDP, length 95
08:51:11.976409 IP 64.53.xxx.xxx.57024 > 72.21.80.5.53: UDP, length 47
08:51:11.977384 IP 192.229.254.6.53 > 64.53.xxx.xxx.11652: UDP, length 63

And if open in wireshark I can see info..

pfguy2018

Here is the port 53 UDP traffic when running the dig feedly.com +trace command

09:51:27.591255 IP 72.246.46.129.53 > xxx.xxx.xxx.xxx.22371: UDP, length 63
09:51:27.592186 IP xxx.xxx.xxx.xxx.13656 > 23.61.199.64.53: UDP, length 44
09:51:27.596218 IP 192.5.5.241.53 > xxx.xxx.xxx.xxx.17958: UDP, length 786
09:51:27.596325 IP 199.19.56.1.53 > xxx.xxx.xxx.xxx.51001: UDP, length 1021
09:51:27.596694 IP xxx.xxx.xxx.xxx.28502 > 43.230.48.1.53: UDP, length 34
09:51:27.597226 IP xxx.xxx.xxx.xxx.54324 > 2.16.130.131.53: UDP, length 47
09:51:27.598180 IP 84.53.139.66.53 > xxx.xxx.xxx.xxx.17594: UDP, length 113
09:51:27.598532 IP xxx.xxx.xxx.xxx.50451 > 23.211.132.65.53: UDP, length 54
09:51:27.602183 IP 23.211.133.131.53 > xxx.xxx.xxx.xxx.61509: UDP, length 62
09:51:27.602257 IP 184.26.161.130.53 > xxx.xxx.xxx.xxx.19037: UDP, length 63
09:51:27.604184 IP 217.160.81.195.53 > xxx.xxx.xxx.xxx.27810: UDP, length 62
09:51:27.605758 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.36489: UDP, length 62
09:51:27.605868 IP 192.41.162.30.53 > xxx.xxx.xxx.xxx.37184: UDP, length 745
09:51:27.606422 IP xxx.xxx.xxx.xxx.28094 > 217.160.82.194.53: UDP, length 46
09:51:27.606709 IP xxx.xxx.xxx.xxx.42365 > 217.160.81.195.53: UDP, length 46
09:51:27.607408 IP 192.42.93.30.53 > xxx.xxx.xxx.xxx.64205: UDP, length 1374
09:51:27.608006 IP xxx.xxx.xxx.xxx.10823 > 199.7.91.13.53: UDP, length 47
09:51:27.608960 IP 96.7.49.129.53 > xxx.xxx.xxx.xxx.29227: UDP, length 109
09:51:27.609059 IP 193.108.88.128.53 > xxx.xxx.xxx.xxx.24107: UDP, length 116
09:51:27.609384 IP xxx.xxx.xxx.xxx.58014 > 2.22.230.130.53: UDP, length 65
09:51:27.610087 IP xxx.xxx.xxx.xxx.29106 > 193.108.88.128.53: UDP, length 58
09:51:27.610604 IP 199.249.112.1.53 > xxx.xxx.xxx.xxx.24105: UDP, length 1021
09:51:27.611073 IP xxx.xxx.xxx.xxx.59245 > 2.16.130.131.53: UDP, length 47
09:51:27.612161 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.4652: UDP, length 62
09:51:27.612257 IP 23.74.25.128.53 > xxx.xxx.xxx.xxx.35281: UDP, length 63
09:51:27.612334 IP 95.100.168.128.53 > xxx.xxx.xxx.xxx.35288: UDP, length 63
09:51:27.614307 IP 216.239.34.10.53 > xxx.xxx.xxx.xxx.56661: UDP, length 64
09:51:27.615835 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.30538: UDP, length 62
09:51:27.615934 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.29119: UDP, length 62
09:51:27.616010 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.26764: UDP, length 62
09:51:27.616110 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.35771: UDP, length 62
09:51:27.616185 IP 217.160.83.196.53 > xxx.xxx.xxx.xxx.32909: UDP, length 62
09:51:27.617363 IP 217.160.81.195.53 > xxx.xxx.xxx.xxx.21281: UDP, length 62
09:51:27.617460 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.13681: UDP, length 62
09:51:27.626193 IP 216.239.34.10.53 > xxx.xxx.xxx.xxx.48475: UDP, length 71
09:51:27.630169 IP 23.211.132.65.53 > xxx.xxx.xxx.xxx.50451: UDP, length 113
09:51:27.630273 IP 81.91.164.5.53 > xxx.xxx.xxx.xxx.47478: UDP, length 691
09:51:27.630882 IP xxx.xxx.xxx.xxx.29570 > 217.160.80.193.53: UDP, length 45
09:51:27.630885 IP xxx.xxx.xxx.xxx.42631 > 95.100.168.130.53: UDP, length 51
09:51:27.631227 IP xxx.xxx.xxx.xxx.24142 > 217.160.81.196.53: UDP, length 45
09:51:27.631510 IP xxx.xxx.xxx.xxx.48389 > 217.160.82.194.53: UDP, length 45
09:51:27.631761 IP xxx.xxx.xxx.xxx.35040 > 217.160.80.193.53: UDP, length 45
09:51:27.634252 IP 199.7.91.13.53 > xxx.xxx.xxx.xxx.10823: UDP, length 825
09:51:27.636334 IP xxx.xxx.xxx.xxx.10416 > 192.112.36.4.53: UDP, length 47
09:51:27.637532 IP 77.67.63.105.53 > xxx.xxx.xxx.xxx.45244: UDP, length 691
09:51:27.637936 IP xxx.xxx.xxx.xxx.56311 > 217.160.80.193.53: UDP, length 45
09:51:27.638203 IP xxx.xxx.xxx.xxx.49832 > 217.160.82.195.53: UDP, length 45
09:51:27.638558 IP xxx.xxx.xxx.xxx.45100 > 217.160.80.193.53: UDP, length 45
09:51:27.638841 IP xxx.xxx.xxx.xxx.40751 > 217.160.81.196.53: UDP, length 45
09:51:27.639090 IP xxx.xxx.xxx.xxx.15400 > 217.160.80.193.53: UDP, length 45
09:51:27.640279 IP 192.33.14.30.53 > xxx.xxx.xxx.xxx.54683: UDP, length 861
09:51:27.640641 IP xxx.xxx.xxx.xxx.42994 > 205.251.193.222.53: UDP, length 49
09:51:27.641838 IP 23.61.199.64.53 > xxx.xxx.xxx.xxx.13656: UDP, length 75
09:51:27.642357 IP xxx.xxx.xxx.xxx.50850 > 23.211.133.65.53: UDP, length 57
09:51:27.643439 IP 217.160.81.195.53 > xxx.xxx.xxx.xxx.42365: UDP, length 62
09:51:27.643538 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.28094: UDP, length 62
09:51:27.651518 IP 193.108.88.128.53 > xxx.xxx.xxx.xxx.6554: UDP, length 119
09:51:27.651878 IP xxx.xxx.xxx.xxx.18779 > 2.22.230.130.53: UDP, length 63
09:51:27.652855 IP 192.55.83.30.53 > xxx.xxx.xxx.xxx.30344: UDP, length 860
09:51:27.653222 IP xxx.xxx.xxx.xxx.60974 > 205.251.192.36.53: UDP, length 49
09:51:27.654541 IP 96.7.50.128.53 > xxx.xxx.xxx.xxx.20917: UDP, length 62
09:51:27.656047 IP 205.251.193.222.53 > xxx.xxx.xxx.xxx.42994: UDP, length 335
09:51:27.656517 IP xxx.xxx.xxx.xxx.59577 > 205.251.194.236.53: UDP, length 61
09:51:27.656820 IP xxx.xxx.xxx.xxx.29228 > 199.249.120.1.53: UDP, length 42
09:51:27.657617 IP 2.22.230.67.53 > xxx.xxx.xxx.xxx.64172: UDP, length 60
09:51:27.660843 IP 95.100.168.130.53 > xxx.xxx.xxx.xxx.42631: UDP, length 78
09:51:27.661332 IP xxx.xxx.xxx.xxx.51498 > 84.53.139.129.53: UDP, length 55
09:51:27.664356 IP 194.146.107.6.53 > xxx.xxx.xxx.xxx.63915: UDP, length 691
09:51:27.664745 IP xxx.xxx.xxx.xxx.7053 > 217.160.80.193.53: UDP, length 45
09:51:27.669345 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.29570: UDP, length 61
09:51:27.670896 IP 23.211.133.65.53 > xxx.xxx.xxx.xxx.50850: UDP, length 93
09:51:27.671397 IP xxx.xxx.xxx.xxx.48083 > 192.55.83.30.53: UDP, length 43
09:51:27.672499 IP 205.251.192.36.53 > xxx.xxx.xxx.xxx.60974: UDP, length 334
09:51:27.672595 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.35040: UDP, length 61
09:51:27.672694 IP 217.160.82.194.53 > xxx.xxx.xxx.xxx.48389: UDP, length 61
09:51:27.672771 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.56311: UDP, length 61
09:51:27.672870 IP 217.160.81.196.53 > xxx.xxx.xxx.xxx.24142: UDP, length 61
09:51:27.675649 IP 193.108.88.128.53 > xxx.xxx.xxx.xxx.29106: UDP, length 95
09:51:27.676171 IP xxx.xxx.xxx.xxx.63756 > 2.22.230.65.53: UDP, length 44
09:51:27.679194 IP 217.160.82.195.53 > xxx.xxx.xxx.xxx.49832: UDP, length 61
09:51:27.679295 IP 217.160.81.196.53 > xxx.xxx.xxx.xxx.40751: UDP, length 61
09:51:27.679370 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.45100: UDP, length 61
09:51:27.680771 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.15400: UDP, length 61
09:51:27.682372 IP 2.16.130.131.53 > xxx.xxx.xxx.xxx.8658: UDP, length 63
09:51:27.685197 IP 84.53.139.129.53 > xxx.xxx.xxx.xxx.51498: UDP, length 82
09:51:27.685719 IP xxx.xxx.xxx.xxx.51725 > 23.61.199.131.53: UDP, length 63
09:51:27.688401 IP 205.251.194.236.53 > xxx.xxx.xxx.xxx.59577: UDP, length 326
09:51:27.690010 IP 2.16.130.131.53 > xxx.xxx.xxx.xxx.33996: UDP, length 63
09:51:27.691586 IP 192.112.36.4.53 > xxx.xxx.xxx.xxx.10416: UDP, length 825
09:51:27.692067 IP xxx.xxx.xxx.xxx.23482 > 192.33.4.12.53: UDP, length 47
09:51:27.693312 IP 199.249.120.1.53 > xxx.xxx.xxx.xxx.29228: UDP, length 805
09:51:27.693687 IP xxx.xxx.xxx.xxx.32444 > 205.251.196.15.53: UDP, length 50
09:51:27.698206 IP 217.160.80.193.53 > xxx.xxx.xxx.xxx.7053: UDP, length 61
09:51:27.698273 IP 2.22.230.130.53 > xxx.xxx.xxx.xxx.58014: UDP, length 104
09:51:27.698984 IP xxx.xxx.xxx.xxx.60192 > 192.5.6.30.53: UDP, length 43
09:51:27.699784 IP 195.243.137.26.53 > xxx.xxx.xxx.xxx.24580: UDP, length 691
09:51:27.700132 IP xxx.xxx.xxx.xxx.9782 > 217.160.82.193.53: UDP, length 45
09:51:27.701374 IP 2.16.130.131.53 > xxx.xxx.xxx.xxx.30060: UDP, length 63
09:51:27.702983 IP 43.230.48.1.53 > xxx.xxx.xxx.xxx.28502: UDP, length 546
09:51:27.703322 IP xxx.xxx.xxx.xxx.33833 > 213.248.216.1.53: UDP, length 44

johnpoz

Open that up in wireshark and you can see way more info on what is being asked, what is being returned... See my edit above post.

But for example, you see that query to 192.33.4.12 that is one of the root servers.

;; QUESTION SECTION:
;12.4.33.192.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
12.4.33.192.in-addr.arpa. 10800 IN      PTR     c.root-servers.net.

pfguy2018

@johnpoz
So that would suggest that things are working right now? Which is good. I will repeat this traffic capture once things go south again.

I have installed Wireshark, but am not sure how to get my traffic into it from the text file I have. Any pointers there?

johnpoz

Not the text that is shown, the download button.

pfguy2018

Great - got it. Now how do I edit out my ip address prior to posting the output? There does not seem to be any replace function in the UI that I can see.

pfguy2018

@pfguy2018
NVM - figured that out
Here is some of the output from the capture I posted above
Screen Shot 2020-02-23 at 10.18.30 AM copy.jpg

pfguy2018

It's a little hard to read the image, but there do appear to be successful queries to the root servers, as expected. So I will repeat this capture once the domain question stops resolving, to see if there are any differences in the traffic.

johnpoz

Exactly the big question is are you actually sending the queries and just not getting an answer.. Or are you not sending them at all..

If it was just something hung up in unbound, you would think a restart of it would fix it... But your having to reboot... Which makes less sense unless its something with the actual wan connection.

You should always know the IPs of the roots, because you don't have to query for them - its in the hints file.. So you should always be able to query for IP of a root server even if no wan connectivity..

[2.4.4-RELEASE][admin@sg4860.local.lan]/root: dig h.root-servers.net

; <<>> DiG 9.12.2-P1 <<>> h.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34795
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;h.root-servers.net.            IN      A

;; ANSWER SECTION:
h.root-servers.net.     25823   IN      A       198.97.190.53

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 23 09:30:53 CST 2020
;; MSG SIZE  rcvd: 63

You should be able to ask unbound this way as well how it would look up NS for a tld... When it fails again.. I would check this as well to see what the output is..

[2.4.4-RELEASE][admin@sg4860.local.lan]/root: unbound-control -c /var/unbound/unbound.conf lookup com
The following name servers are used for lookup of com.
;rrset 80980 13 0 2 0
com.    80980   IN      NS      b.gtld-servers.net.
com.    80980   IN      NS      e.gtld-servers.net.
com.    80980   IN      NS      c.gtld-servers.net.
com.    80980   IN      NS      h.gtld-servers.net.
com.    80980   IN      NS      l.gtld-servers.net.
com.    80980   IN      NS      a.gtld-servers.net.
com.    80980   IN      NS      k.gtld-servers.net.
com.    80980   IN      NS      g.gtld-servers.net.
com.    80980   IN      NS      i.gtld-servers.net.
com.    80980   IN      NS      f.gtld-servers.net.
com.    80980   IN      NS      d.gtld-servers.net.
com.    80980   IN      NS      j.gtld-servers.net.
com.    80980   IN      NS      m.gtld-servers.net.
;rrset 80980 1 1 11 5
com.    80980   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
com.    80980   IN      RRSIG   DS 8 1 86400 20200307050000 20200223040000 33853 . sLV0mt5DtczNJfepnGzpEjM5Gctb51i5Spnjk63LfpKu0YiWw160w9zDis/RoclzEKIAQ1wSWJNo04uBOQg7VAQ646bPoEcvSQ2Y7GJap4FqVIdAS3o5pJhKKmqeSVJxQ/aaj1BQAaWEFaU9yIvtnNWL7Lg0wUakZ483FTUxknRzTVHEVhNhnLUdjUcxEId0wEmmrkfsc5yiqRV9fYcOXUEZwFrV8YaoOTKaXKeL69zA2S4CJyXqQMbzFndPEE3/FnIhk3F19JfLgya8kwKTKbX22JJImxbmXA4zMTI8efnhlJ/ZS5QuuPcY2P2r+qVITs2Ibv2gvVBCYJltNxxaEQ== ;{id = 33853}
;rrset 25739 1 0 8 3
m.gtld-servers.net.     25739   IN      A       192.55.83.30
;rrset 25739 1 0 8 3
m.gtld-servers.net.     25739   IN      AAAA    2001:501:b1f9::30
;rrset 25738 1 0 8 3
j.gtld-servers.net.     25738   IN      A       192.48.79.30
;rrset 25738 1 0 8 3
j.gtld-servers.net.     25738   IN      AAAA    2001:502:7094::30
;rrset 25737 1 0 8 3
d.gtld-servers.net.     25737   IN      A       192.31.80.30
;rrset 25737 1 0 8 3
d.gtld-servers.net.     25737   IN      AAAA    2001:500:856e::30
;rrset 25737 1 0 8 3
f.gtld-servers.net.     25737   IN      A       192.35.51.30
;rrset 25737 1 0 8 3
f.gtld-servers.net.     25737   IN      AAAA    2001:503:d414::30
;rrset 25738 1 0 8 3
i.gtld-servers.net.     25738   IN      A       192.43.172.30
;rrset 25738 1 0 8 3
i.gtld-servers.net.     25738   IN      AAAA    2001:503:39c1::30
;rrset 25738 1 0 8 3
g.gtld-servers.net.     25738   IN      A       192.42.93.30
;rrset 25738 1 0 8 3
g.gtld-servers.net.     25738   IN      AAAA    2001:503:eea3::30
;rrset 25738 1 0 8 3
k.gtld-servers.net.     25738   IN      A       192.52.178.30
;rrset 25738 1 0 8 3
k.gtld-servers.net.     25738   IN      AAAA    2001:503:d2d::30
;rrset 25737 1 0 8 3
a.gtld-servers.net.     25737   IN      A       192.5.6.30
;rrset 25737 1 0 8 3
a.gtld-servers.net.     25737   IN      AAAA    2001:503:a83e::2:30
;rrset 25738 1 0 8 3
l.gtld-servers.net.     25738   IN      A       192.41.162.30
;rrset 25739 1 0 8 3
l.gtld-servers.net.     25739   IN      AAAA    2001:500:d937::30
;rrset 25738 1 0 8 3
h.gtld-servers.net.     25738   IN      A       192.54.112.30
;rrset 25738 1 0 8 3
h.gtld-servers.net.     25738   IN      AAAA    2001:502:8cc::30
;rrset 25737 1 0 8 3
c.gtld-servers.net.     25737   IN      A       192.26.92.30
;rrset 25737 1 0 8 3
c.gtld-servers.net.     25737   IN      AAAA    2001:503:83eb::30
;rrset 25737 1 0 8 3
e.gtld-servers.net.     25737   IN      A       192.12.94.30
;rrset 25737 1 0 8 3
e.gtld-servers.net.     25737   IN      AAAA    2001:502:1ca1::30
;rrset 25737 1 0 8 3
b.gtld-servers.net.     25737   IN      A       192.33.14.30
;rrset 25737 1 0 8 3
b.gtld-servers.net.     25737   IN      AAAA    2001:503:231d::2:30
Delegation with 13 names, of which 0 can be examined to query further addresses.
It provides 26 IP addresses.
2001:503:231d::2:30     rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.33.14.30            not in infra cache.
2001:502:1ca1::30       rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.12.94.30            rto 191 msec, ttl 302, ping 15 var 44 rtt 191, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:83eb::30       rto 376 msec, ttl 171, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.26.92.30            rto 183 msec, ttl 302, ping 15 var 42 rtt 183, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:502:8cc::30        not in infra cache.
192.54.112.30           rto 243 msec, ttl 294, ping 3 var 60 rtt 243, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:d937::30       rto 376 msec, ttl 302, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.41.162.30           rto 285 msec, ttl 473, ping 17 var 67 rtt 285, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:a83e::2:30     rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.5.6.30              rto 279 msec, ttl 733, ping 7 var 68 rtt 279, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:d2d::30        rto 376 msec, ttl 302, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.52.178.30           rto 317 msec, ttl 711, ping 13 var 76 rtt 317, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:eea3::30       rto 376 msec, ttl 460, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.42.93.30            rto 327 msec, ttl 91, ping 23 var 76 rtt 327, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:39c1::30       rto 376 msec, ttl 711, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.43.172.30           rto 214 msec, ttl 268, ping 6 var 52 rtt 214, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:d414::30       rto 376 msec, ttl 171, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.35.51.30            rto 365 msec, ttl 473, ping 9 var 89 rtt 365, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:856e::30       rto 376 msec, ttl 171, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.31.80.30            rto 238 msec, ttl 302, ping 10 var 57 rtt 238, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:502:7094::30       not in infra cache.
192.48.79.30            rto 302 msec, ttl 706, ping 2 var 75 rtt 302, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:501:b1f9::30       not in infra cache.
192.55.83.30            rto 351 msec, ttl 706, ping 7 var 86 rtt 351, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
[2.4.4-RELEASE][admin@sg4860.local.lan]/root:

To validate it actually has IPs for roots.

[2.4.4-RELEASE][admin@sg4860.local.lan]/root: unbound-control -c /var/unbound/unbound.conf lookup .
The following name servers are used for lookup of .
;rrset 80411 13 1 11 5
.       80411   IN      NS      k.root-servers.net.
.       80411   IN      NS      b.root-servers.net.
.       80411   IN      NS      m.root-servers.net.
.       80411   IN      NS      c.root-servers.net.
.       80411   IN      NS      d.root-servers.net.
.       80411   IN      NS      l.root-servers.net.
.       80411   IN      NS      h.root-servers.net.
.       80411   IN      NS      j.root-servers.net.
.       80411   IN      NS      g.root-servers.net.
.       80411   IN      NS      e.root-servers.net.
.       80411   IN      NS      f.root-servers.net.
.       80411   IN      NS      a.root-servers.net.
.       80411   IN      NS      i.root-servers.net.
.       80411   IN      RRSIG   NS 8 0 518400 20200307050000 20200223040000 33853 . OywKX+NljD5Qsir5p4YY6Cz4raE6/1M5peyPyBymFCakHkG2tKG6u8k70cjNe/VAyYG0JPkqOFJ7I4+gzCqODab/8Vc18hClQ3XO6yj5IsdWcl5w+GgI7DFO5Tk7Bhx/5HqCNEXrmiCr8u1qvry0cdgmOO8iYvMDSXnT4FlGt49DIr4msrRU6Fsr0yjamoBVdcEaQwU9KDptzbMDnqJVL2FYGnpftrVanszm6Vs8q2iZivNlmTL1b2QKFidqI8DLs6V2yIPMbCOHFdAwlfw6LpWUaQhUxmxdsfBn28QUonZTUz/BOWpzWRmXDb2TDo1ofUkoOLvj7pHJvC7JEt07Zg== ;{id = 33853}
;rrset 25166 1 0 8 3
i.root-servers.net.     25166   IN      A       192.36.148.17
;rrset 25166 1 0 8 3
i.root-servers.net.     25166   IN      AAAA    2001:7fe::53
;rrset 25167 1 0 8 3
a.root-servers.net.     25167   IN      A       198.41.0.4
;rrset 25167 1 0 8 3
a.root-servers.net.     25167   IN      AAAA    2001:503:ba3e::2:30
;rrset 25166 1 0 8 3
f.root-servers.net.     25166   IN      A       192.5.5.241
;rrset 25166 1 0 8 3
f.root-servers.net.     25166   IN      AAAA    2001:500:2f::f
;rrset 25165 1 0 8 3
e.root-servers.net.     25165   IN      A       192.203.230.10
;rrset 25165 1 0 8 3
e.root-servers.net.     25165   IN      AAAA    2001:500:a8::e
;rrset 25166 1 0 8 3
g.root-servers.net.     25166   IN      A       192.112.36.4
;rrset 25166 1 0 8 3
g.root-servers.net.     25166   IN      AAAA    2001:500:12::d0d
;rrset 25167 1 0 8 3
j.root-servers.net.     25167   IN      A       192.58.128.30
;rrset 25167 1 0 8 3
j.root-servers.net.     25167   IN      AAAA    2001:503:c27::2:30
;rrset 25164 1 0 8 3
h.root-servers.net.     25164   IN      A       198.97.190.53
;rrset 25164 1 0 8 3
h.root-servers.net.     25164   IN      AAAA    2001:500:1::53
;rrset 25167 1 0 8 3
l.root-servers.net.     25167   IN      A       199.7.83.42
;rrset 25167 1 0 8 3
l.root-servers.net.     25167   IN      AAAA    2001:500:9f::42
;rrset 25167 1 0 8 3
d.root-servers.net.     25167   IN      A       199.7.91.13
;rrset 25167 1 0 8 3
d.root-servers.net.     25167   IN      AAAA    2001:500:2d::d
;rrset 25165 1 0 8 3
c.root-servers.net.     25165   IN      A       192.33.4.12
;rrset 25166 1 0 8 3
c.root-servers.net.     25166   IN      AAAA    2001:500:2::c
;rrset 25165 1 0 8 3
m.root-servers.net.     25165   IN      A       202.12.27.33
;rrset 25165 1 0 8 3
m.root-servers.net.     25165   IN      AAAA    2001:dc3::35
;rrset 25166 1 0 8 3
b.root-servers.net.     25166   IN      A       199.9.14.201
;rrset 25167 1 0 8 3
b.root-servers.net.     25167   IN      AAAA    2001:500:200::b
;rrset 25165 1 0 8 3
k.root-servers.net.     25165   IN      A       193.0.14.129
;rrset 25165 1 0 8 3
k.root-servers.net.     25165   IN      AAAA    2001:7fd::1
Delegation with 13 names, of which 0 can be examined to query further addresses.
It provides 26 IP addresses.
2001:7fd::1             rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
193.0.14.129            not in infra cache.
2001:500:200::b         not in infra cache.
199.9.14.201            rto 369 msec, ttl 481, ping 9 var 90 rtt 369, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:dc3::35            rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
202.12.27.33            not in infra cache.
2001:500:2::c           not in infra cache.
192.33.4.12             not in infra cache.
2001:500:2d::d          not in infra cache.
199.7.91.13             not in infra cache.
2001:500:9f::42         rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
199.7.83.42             rto 356 msec, ttl 751, ping 8 var 87 rtt 356, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:1::53          not in infra cache.
198.97.190.53           not in infra cache.
2001:503:c27::2:30      rto 376 msec, ttl 751, ping 0 var 94 rtt 376, tA 0, tAAAA 0, tother 0, EDNS 0 assumed.
192.58.128.30           not in infra cache.
2001:500:12::d0d        not in infra cache.
192.112.36.4            rto 328 msec, ttl 751, ping 4 var 81 rtt 328, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:a8::e          not in infra cache.
192.203.230.10          not in infra cache.
2001:500:2f::f          not in infra cache.
192.5.5.241             rto 320 msec, ttl 751, ping 4 var 79 rtt 320, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:ba3e::2:30     not in infra cache.
198.41.0.4              rto 256 msec, ttl 228, ping 4 var 63 rtt 256, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:7fe::53            not in infra cache.
192.36.148.17           not in infra cache.
[2.4.4-RELEASE][admin@sg4860.local.lan]/root:

pfguy2018

@johnpoz said in Strange issue - not sure how to fix:

unbound-control -c /var/unbound/unbound.conf lookup .

Yes, when I run those commands, I get very similar output to what you posted, as I should. So I will wait for the next time that domains stop resolving, and run everything again, and then post the results. Unfortunately, I have no idea when that will occur.

pfguy2018

It happened again and I was able to run the various commands you listed above and perform a packet capture.

; <<>> DiG 9.12.2-P1 <<>> h.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56121
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;h.root-servers.net.		IN	A

;; ANSWER SECTION:
h.root-servers.net.	86400	IN	A	198.97.190.53

;; Query time: 158 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Feb 23 16:18:59 EST 2020
;; MSG SIZE  rcvd: 63

The following name servers are used for lookup of com.
;rrset 85352 13 0 2 0
com.	85352	IN	NS	a.gtld-servers.net.
com.	85352	IN	NS	b.gtld-servers.net.
com.	85352	IN	NS	c.gtld-servers.net.
com.	85352	IN	NS	d.gtld-servers.net.
com.	85352	IN	NS	e.gtld-servers.net.
com.	85352	IN	NS	f.gtld-servers.net.
com.	85352	IN	NS	g.gtld-servers.net.
com.	85352	IN	NS	h.gtld-servers.net.
com.	85352	IN	NS	i.gtld-servers.net.
com.	85352	IN	NS	j.gtld-servers.net.
com.	85352	IN	NS	k.gtld-servers.net.
com.	85352	IN	NS	l.gtld-servers.net.
com.	85352	IN	NS	m.gtld-servers.net.
;rrset 85352 1 1 11 5
com.	85352	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
com.	85352	IN	RRSIG	DS 8 1 86400 20200307170000 20200223160000 33853 . AkoMkh2radmKCnXu8NeiINg3AlAYfHvuZORUApNH96ZCtOkPZ0vxFgdwnls009OkPO2IYeUuIySROSJNSPc9Ukj/ybot7AyjAv6brrTcYVCg0KvPPSaFLwBCHXuJdUNlIF8xhxv73/gFBEcGThLAmxfeRk2lpODXeXNDbZ9GPnWVeC2KVwEeL22JfBcBmpAxEhNLnufgPLR5Kv9aY+O7cleHDuRpQa4qNSEBgF/88ugrpNdixNx+5FO6Nl7mZRdPjSr97H6EH/aCvlzPMGl7bPVtT/7A9T943yQP4kMznxVRSMNXSMimarzRJhmM0ZE5H1qwUTi+UoeMjBq+mJHmBA== ;{id = 33853}
;rrset 85352 1 0 1 0
m.gtld-servers.net.	85352	IN	A	192.55.83.30
;rrset 85352 1 0 1 0
m.gtld-servers.net.	85352	IN	AAAA	2001:501:b1f9::30
;rrset 85352 1 0 1 0
l.gtld-servers.net.	85352	IN	A	192.41.162.30
;rrset 85352 1 0 1 0
l.gtld-servers.net.	85352	IN	AAAA	2001:500:d937::30
;rrset 85352 1 0 1 0
k.gtld-servers.net.	85352	IN	A	192.52.178.30
;rrset 85352 1 0 1 0
k.gtld-servers.net.	85352	IN	AAAA	2001:503:d2d::30
;rrset 85352 1 0 1 0
j.gtld-servers.net.	85352	IN	A	192.48.79.30
;rrset 85352 1 0 1 0
j.gtld-servers.net.	85352	IN	AAAA	2001:502:7094::30
;rrset 85352 1 0 1 0
i.gtld-servers.net.	85352	IN	A	192.43.172.30
;rrset 85352 1 0 1 0
i.gtld-servers.net.	85352	IN	AAAA	2001:503:39c1::30
;rrset 85352 1 0 1 0
h.gtld-servers.net.	85352	IN	A	192.54.112.30
;rrset 85352 1 0 1 0
h.gtld-servers.net.	85352	IN	AAAA	2001:502:8cc::30
;rrset 85352 1 0 1 0
g.gtld-servers.net.	85352	IN	A	192.42.93.30
;rrset 85352 1 0 1 0
g.gtld-servers.net.	85352	IN	AAAA	2001:503:eea3::30
;rrset 85352 1 0 1 0
f.gtld-servers.net.	85352	IN	A	192.35.51.30
;rrset 85352 1 0 1 0
f.gtld-servers.net.	85352	IN	AAAA	2001:503:d414::30
;rrset 85352 1 0 1 0
e.gtld-servers.net.	85352	IN	A	192.12.94.30
;rrset 85352 1 0 1 0
e.gtld-servers.net.	85352	IN	AAAA	2001:502:1ca1::30
;rrset 85352 1 0 1 0
d.gtld-servers.net.	85352	IN	A	192.31.80.30
;rrset 85352 1 0 1 0
d.gtld-servers.net.	85352	IN	AAAA	2001:500:856e::30
;rrset 85352 1 0 1 0
c.gtld-servers.net.	85352	IN	A	192.26.92.30
;rrset 85352 1 0 1 0
c.gtld-servers.net.	85352	IN	AAAA	2001:503:83eb::30
;rrset 85352 1 0 1 0
b.gtld-servers.net.	85352	IN	A	192.33.14.30
;rrset 85352 1 0 1 0
b.gtld-servers.net.	85352	IN	AAAA	2001:503:231d::2:30
;rrset 85352 1 0 1 0
a.gtld-servers.net.	85352	IN	A	192.5.6.30
;rrset 85352 1 0 1 0
a.gtld-servers.net.	85352	IN	AAAA	2001:503:a83e::2:30
Delegation with 13 names, of which 0 can be examined to query further addresses.
It provides 26 IP addresses.
2001:503:a83e::2:30	not in infra cache.
192.5.6.30      	rto 307 msec, ttl 574, ping 19 var 72 rtt 307, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:231d::2:30	not in infra cache.
192.33.14.30    	rto 347 msec, ttl 735, ping 7 var 85 rtt 347, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:83eb::30	not in infra cache.
192.26.92.30    	not in infra cache.
2001:500:856e::30	not in infra cache.
192.31.80.30    	rto 197 msec, ttl 244, ping 37 var 40 rtt 197, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:502:1ca1::30	not in infra cache.
192.12.94.30    	not in infra cache.
2001:503:d414::30	not in infra cache.
192.35.51.30    	not in infra cache.
2001:503:eea3::30	not in infra cache.
192.42.93.30    	rto 123 msec, ttl 152, ping 23 var 25 rtt 123, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:502:8cc::30	not in infra cache.
192.54.112.30   	rto 324 msec, ttl 635, ping 4 var 80 rtt 324, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:503:39c1::30	not in infra cache.
192.43.172.30   	rto 298 msec, ttl 573, ping 10 var 72 rtt 298, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:502:7094::30	not in infra cache.
192.48.79.30    	rto 752 msec, ttl 384, ping 0 var 94 rtt 376, tA 1, tAAAA 0, tother 0, EDNS 0 assumed.
2001:503:d2d::30	not in infra cache.
192.52.178.30   	rto 360 msec, ttl 574, ping 8 var 88 rtt 360, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:d937::30	not in infra cache.
192.41.162.30   	rto 356 msec, ttl 736, ping 8 var 87 rtt 356, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:501:b1f9::30	not in infra cache.
192.55.83.30    	rto 336 msec, ttl 551, ping 24 var 78 rtt 336, tA 0, tAAAA 0, tother 0, EDNS 0 probed.

The following name servers are used for lookup of .
;rrset 85317 13 1 8 0
.	85317	IN	NS	m.root-servers.net.
.	85317	IN	NS	b.root-servers.net.
.	85317	IN	NS	c.root-servers.net.
.	85317	IN	NS	d.root-servers.net.
.	85317	IN	NS	e.root-servers.net.
.	85317	IN	NS	f.root-servers.net.
.	85317	IN	NS	g.root-servers.net.
.	85317	IN	NS	h.root-servers.net.
.	85317	IN	NS	a.root-servers.net.
.	85317	IN	NS	i.root-servers.net.
.	85317	IN	NS	j.root-servers.net.
.	85317	IN	NS	k.root-servers.net.
.	85317	IN	NS	l.root-servers.net.
.	85317	IN	RRSIG	NS 8 0 518400 20200307170000 20200223160000 33853 . GN9hZh6mOFruU2IWiP4EIvALgU6uQLlXo748wScmwsJYCcmPiPFT6y2qNnsJfg06OrI2qhZueL0NNtcZ5W9hGLFff3nzUcOETUnEWcbW4MwIRWDxVQ4MVMmsnIhWM3BCQdA5hG0eIALwJ+9q3aUe+lHhORN98lpYxfs+tx73A+GgmNZUm4Coz44hmhJ6G+mM0mYsMLZ1oAvDH/exgo/VExwEA9P3xyRQb5H09yJdc0cdmygbD8R1L/yjyQUlnyKLOC8ZQ3bpei9NKRXWqv5p29cnpwt4AiaAuZNkCVQA9SIWIKdFVrBh40NsO+RDpEcmh84r30wTVm+qYGT4PItLag== ;{id = 33853}
;rrset 85317 1 0 3 3
l.root-servers.net.	85317	IN	A	199.7.83.42
;rrset 85317 1 0 3 3
l.root-servers.net.	85317	IN	AAAA	2001:500:9f::42
;rrset 85317 1 0 3 3
k.root-servers.net.	85317	IN	A	193.0.14.129
;rrset 85317 1 0 3 3
k.root-servers.net.	85317	IN	AAAA	2001:7fd::1
;rrset 85317 1 0 3 3
j.root-servers.net.	85317	IN	A	192.58.128.30
;rrset 85317 1 0 3 3
j.root-servers.net.	85317	IN	AAAA	2001:503:c27::2:30
;rrset 85317 1 0 3 3
i.root-servers.net.	85317	IN	A	192.36.148.17
;rrset 85317 1 0 3 3
i.root-servers.net.	85317	IN	AAAA	2001:7fe::53
;rrset 85317 1 0 3 3
a.root-servers.net.	85317	IN	A	198.41.0.4
;rrset 85317 1 0 3 3
a.root-servers.net.	85317	IN	AAAA	2001:503:ba3e::2:30
;rrset 86325 1 0 8 3
h.root-servers.net.	86325	IN	A	198.97.190.53
;rrset 85317 1 0 3 3
h.root-servers.net.	85317	IN	AAAA	2001:500:1::53
;rrset 85317 1 0 3 3
g.root-servers.net.	85317	IN	A	192.112.36.4
;rrset 85317 1 0 3 3
g.root-servers.net.	85317	IN	AAAA	2001:500:12::d0d
;rrset 85317 1 0 3 3
f.root-servers.net.	85317	IN	A	192.5.5.241
;rrset 85317 1 0 3 3
f.root-servers.net.	85317	IN	AAAA	2001:500:2f::f
;rrset 85317 1 0 3 3
e.root-servers.net.	85317	IN	A	192.203.230.10
;rrset 85317 1 0 3 3
e.root-servers.net.	85317	IN	AAAA	2001:500:a8::e
;rrset 85317 1 0 3 3
d.root-servers.net.	85317	IN	A	199.7.91.13
;rrset 85317 1 0 3 3
d.root-servers.net.	85317	IN	AAAA	2001:500:2d::d
;rrset 85317 1 0 3 3
c.root-servers.net.	85317	IN	A	192.33.4.12
;rrset 85317 1 0 3 3
c.root-servers.net.	85317	IN	AAAA	2001:500:2::c
;rrset 85317 1 0 3 3
b.root-servers.net.	85317	IN	A	199.9.14.201
;rrset 85317 1 0 3 3
b.root-servers.net.	85317	IN	AAAA	2001:500:200::b
;rrset 85317 1 0 3 3
m.root-servers.net.	85317	IN	A	202.12.27.33
;rrset 85317 1 0 3 3
m.root-servers.net.	85317	IN	AAAA	2001:dc3::35
Delegation with 13 names, of which 0 can be examined to query further addresses.
It provides 26 IP addresses.
2001:dc3::35    	not in infra cache.
202.12.27.33    	expired, rto 62969312 msec, tA 2 tAAAA 0 tother 0.
2001:500:200::b 	not in infra cache.
199.9.14.201    	expired, rto 62969312 msec, tA 1 tAAAA 0 tother 0.
2001:500:2::c   	not in infra cache.
192.33.4.12     	rto 210 msec, ttl 110, ping 18 var 48 rtt 210, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:2d::d  	not in infra cache.
199.7.91.13     	not in infra cache.
2001:500:a8::e  	not in infra cache.
192.203.230.10  	not in infra cache.
2001:500:2f::f  	not in infra cache.
192.5.5.241     	rto 287 msec, ttl 499, ping 7 var 70 rtt 287, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:500:12::d0d	not in infra cache.
192.112.36.4    	not in infra cache.
2001:500:1::53  	not in infra cache.
198.97.190.53   	not in infra cache.
2001:503:ba3e::2:30	not in infra cache.
198.41.0.4      	not in infra cache.
2001:7fe::53    	not in infra cache.
192.36.148.17   	not in infra cache.
2001:503:c27::2:30	not in infra cache.
192.58.128.30   	rto 328 msec, ttl 642, ping 4 var 81 rtt 328, tA 0, tAAAA 0, tother 0, EDNS 0 probed.
2001:7fd::1     	not in infra cache.
193.0.14.129    	not in infra cache.
2001:500:9f::42 	not in infra cache.
199.7.83.42     	not in infra cache.

; <<>> DiG 9.12.2-P1 <<>> feedly.com +trace
;; global options: +cmd
.			85262	IN	NS	m.root-servers.net.
.			85262	IN	NS	b.root-servers.net.
.			85262	IN	NS	c.root-servers.net.
.			85262	IN	NS	d.root-servers.net.
.			85262	IN	NS	e.root-servers.net.
.			85262	IN	NS	f.root-servers.net.
.			85262	IN	NS	g.root-servers.net.
.			85262	IN	NS	h.root-servers.net.
.			85262	IN	NS	a.root-servers.net.
.			85262	IN	NS	i.root-servers.net.
.			85262	IN	NS	j.root-servers.net.
.			85262	IN	NS	k.root-servers.net.
.			85262	IN	NS	l.root-servers.net.
.			85262	IN	RRSIG	NS 8 0 518400 20200307170000 20200223160000 33853 . GN9hZh6mOFruU2IWiP4EIvALgU6uQLlXo748wScmwsJYCcmPiPFT6y2q NnsJfg06OrI2qhZueL0NNtcZ5W9hGLFff3nzUcOETUnEWcbW4MwIRWDx VQ4MVMmsnIhWM3BCQdA5hG0eIALwJ+9q3aUe+lHhORN98lpYxfs+tx73 A+GgmNZUm4Coz44hmhJ6G+mM0mYsMLZ1oAvDH/exgo/VExwEA9P3xyRQ b5H09yJdc0cdmygbD8R1L/yjyQUlnyKLOC8ZQ3bpei9NKRXWqv5p29cn pwt4AiaAuZNkCVQA9SIWIKdFVrBh40NsO+RDpEcmh84r30wTVm+qYGT4 PItLag==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

;; connection timed out; no servers could be reached

Screen Shot 2020-02-23 at 4.26.46 PM copy 2.jpg

What can I learn from all this?

johnpoz

Did you set that public IP to resolve as local?

Where are the queries to and from .com server Servers?.. I only see queries for the root servers?

You prob want to set number of packets to capture to 0 vs just the 100..

pfguy2018

@johnpoz said in Strange issue - not sure how to fix:

Did you set that public IP to resolve as local?

Yes - to obscure my IP address. Wherever it says "local", it originally listed my IP address.

Where are the queries to and from .com server Servers?.. I only see queries for the root servers?

Not sure. But the packet capture was taken while I ran the command dig feedly.com +trace. I ran it again while trying to browse to feedly.com - results below.

You prob want to set number of packets to capture to 0 vs just the 100..

Done below

Screen Shot 2020-02-23 at 4.49.10 PM copy.jpg