Maintained by: NLnet Labs

Cannot resolve .co.uk domains with VPN, local DNS using Unbound

r.adey-johnson at surrey.ac.uk
Thu May 26 13:08:21 CEST 2016


You were right Leen: all traffic goes through the VPN, and disabling DNSSEC resolved the problem. I'll follow this up with AirVPN.

Many thanks,
Rob

________________________________________
From: Unbound-users <unbound-users-bounces at unbound.net> on behalf of Leen Besselink via Unbound-users <unbound-users at unbound.net>
Sent: 26 May 2016 11:46:18
To: unbound-users at unbound.net
Subject: Re: Cannot resolve .co.uk domains with VPN, local DNS using Unbound

On Thu, May 26, 2016 at 10:38:44AM +0000, Rob via Unbound-users wrote:
> Hello,
>

Hi,

Based on the DNSSEC-root key you have in your config, I assume this will enable DNSSEC-validation.

Maybe all traffic is routed over the VPN so the other DNS-servers aren't reachable anymore? AND the airvpn DNS-server is blocking/dropping/does not understand the DNSSEC-information.

Have you tested it while it's turned off?

https://www.unbound.net/documentation/howto_turnoff_dnssec.html

>
> I'm using unbound as a local DNS server on my laptop (Arch Linux). Occasionally the laptop is unable to resolve .co.uk TLDs while connected to a VPN (AirVPN using OpenVPN). When this happens the AirVPN website says their servers can still connect to .co.uk addresses, so I wonder if unbound could be causing the problem. I can't reproducibly cause the issue, which seems to happen randomly and doesn't affect any other TLDs. If I disconnect from the VPN, .co.uk addresses are resolved again.
>
>
> Any help would be much appreciated, even if just to confirm that unbound isn't the problem.
>
>
> Unbound listens on 127.0.0.1 and points all DNS queries to the AirVPN nameserver at 10.4.0.1. Queries for servers at my university get sent to the DNS at 131.227.13{0,1}.5.
>
>
> unbound.conf is:
>
> -------
>
>     include: "/etc/unbound/resolvunbound"
>
>     server:
>          verbosity: 1
>          use-syslog: yes
>          username: "unbound"
>          directory: "/etc/unbound"
>
>          interface: 127.0.0.1
>          trust-anchor-file: trusted-key.key
>          root-hints: "/etc/unbound/root.hints"
>
>          local-zone: "10.in-addr.arpa." nodefault
>          local-zone: "168.192.in-addr.arpa." nodefault
>
>     forward-zone:
>          name: "surrey.ac.uk."
>          forward-addr: 131.227.131.5     #internal dns
>          forward-addr: 131.227.130.5
>          forward-addr: 10.4.0.1                #airvpn dns
>
>     forward-zone:
>          name: "lib.surrey.ac.uk."
>          forward-addr: 131.227.131.5
>          forward-addr: 131.227.130.5
>
>     forward-zone:
>          name: "227.131.in-addr.arpa."
>          forward-addr: 131.227.131.5
>          forward-addr: 131.227.130.5
> -------
>
> and openresolv is configured with resolvconf.conf:
> -------
>     name_servers=127.0.0.1
>     resolv_conf=/etc/resolv.conf
>     unbound_conf="/etc/unbound/resolvunbound"
>     private_interfaces="svpn"
> -------
>
> Thanks in advance,
> Rob
>
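One way to test the theory discussed in this thread (a forwarder that drops DNSSEC records) is to send it a query with the EDNS0 DO bit set and see whether any RRSIG comes back. This is an added example, not part of the original messages; the function names are hypothetical, and it assumes an IPv4 forwarder reached over UDP and a query for the SOA of a zone known to be signed.

```python
import socket
import struct

RRSIG = 46  # RR type number of RRSIG (RFC 4034)

def encode_name(name):  # domain name -> length-prefixed DNS labels
    labels = [p for p in name.rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def build_query(name, qtype=6, qid=0x1234):
    """Query (default type 6 = SOA) with an EDNS0 OPT record that sets the DO bit."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, type 41, UDP size 4096, ext-rcode 0, version 0, DO flag, no options
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 4096, 0, 0, 0x8000, 0)
    return header + question + opt

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def rr_types(msg):
    """RR types found in the answer, authority and additional sections."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    types = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return types

def forwarder_passes_dnssec(msg):
    """True if the response carries at least one RRSIG record."""
    return RRSIG in rr_types(msg)

def probe(server, name="co.uk", timeout=3.0):
    """Send the DO-bit query to `server` over UDP (needs network; not run on import)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return forwarder_passes_dnssec(s.recv(4096))
```

`probe("10.4.0.1")` would run the check against the forwarder named in the thread. A `False` result only points at the forwarder when the queried zone is actually signed, so compare against a resolver known to return signatures.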