Cannot resolve .co.uk domains with VPN, local DNS using Unbound

Hello,

I’m using unbound as a local DNS server on my laptop (Arch Linux). Occasionally the laptop is unable to resolve .co.uk TLDs while connected to a VPN (AirVPN using OpenVPN). When this happens the AirVPN website says their servers can still connect to .co.uk addresses, so I wonder if unbound could be causing the problem. I can’t reproducibly cause the issue, which seems to happen randomly and doesn’t affect any other TLDs. If I disconnect from the VPN, .co.uk addresses are resolved again.

Any help would be much appreciated, even if just to confirm that unbound isn’t the problem.

Unbound listens on 127.0.0.1 and points all DNS queries to the AirVPN nameserver at 10.4.0.1. Queries for servers at my university get sent to the DNS at 131.227.13{0,1}.5.

unbound.conf is:

Hi,

Based on the DNSSEC root key you have in your config, I assume this will enable DNSSEC validation.

Maybe all traffic is routed over the VPN so the other DNS servers aren't reachable anymore? And the AirVPN DNS server is blocking/dropping/does not understand the DNSSEC information.

Have you tested it while it's turned off?

https://www.unbound.net/documentation/howto_turnoff_dnssec.html

You were right Leen: all traffic goes through the VPN, and disabling DNSSEC resolved the problem. I'll follow this up with AirVPN.

Many thanks,
Rob
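
The diagnosis in this thread, a forwarder that does not pass DNSSEC data back to a validating resolver, can be checked by sending a query with the EDNS0 DO bit set and looking for RRSIG records in the answer. The sketch below is an added example, not code from the thread or from Unbound; the function names are hypothetical, the two sample responses are constructed (placeholder RRSIG data, no real signature), and it assumes the queried zone is signed.

```python
import struct

RRSIG = 46  # RR type that carries DNSSEC signatures (RFC 4034)

def build_query(name, qtype=1, qid=0x1234):
    """DNS query with an EDNS0 OPT record that sets the DO (DNSSEC OK) bit."""
    qname = b"".join(bytes([len(l)]) + l.encode()
                     for l in name.strip(".").split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    # OPT RR: root name, type 41, class = UDP size 4096, TTL flags = DO, empty rdata
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0x00008000, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:  # a compression pointer is 2 bytes and ends the name
            return pos + 2
        pos += 1 + n

def answer_types(msg):
    """List the RR types found in the answer section of a DNS response."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    types = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        types.append(rtype)
        pos += 10 + rdlen
    return types

def forwarder_keeps_dnssec(msg):
    """True if the answer to a DO query still carries signatures."""
    return RRSIG in answer_types(msg)

def sample_response(with_rrsig):
    """Constructed reply for example.co.uk: an A record, optionally a placeholder RRSIG."""
    question = build_query("example.co.uk")[12:-11]  # drop header and OPT record
    rrs = [(1, b"\xc0\x00\x02\x01")] + ([(RRSIG, b"\x00" * 20)] if with_rrsig else [])
    body = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, len(r)) + r
                    for t, r in rrs)
    return struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(rrs), 0, 0) + question + body
```

To test a real forwarder, send the bytes from `build_query()` to it over UDP port 53 and pass the reply to `forwarder_keeps_dnssec()`; a reply without RRSIG records for a signed zone gives a validating resolver nothing to validate.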