Help with TLD issue:

Hello, I hope this is the correct place to post this. I am new to unbound. I have it set up with my pihole. It’s working great, however one issue I have is my TLD. This domain has A records pointing to my home ISP external IP address, which does not seem to resolve inside the DNS.

I get “ERR_FAILED” site can’t be reached. Not even DNS_PROBE_FINISHED_NXDOMAIN.

Is there anyone who could help me diagnose this? Thanks.

Hi @HybridZ, this is the correct place. However I am not sure I understand your problem. Could you be more specific with some (obfuscated or not) examples?

So basically, inside my DNS, when I go to my domain it gives the above error. When I don’t use my DNS it works fine. Is there a dig command or log I can show to help you diagnose this? I am relatively new to DNS stuff. I just ran the pihole for years to block ads; now I’m using unbound alongside it, and my domain no longer works.

You can start by trying with (replace the variables):

dig @<unbound_ip> -p <unbound_port> <yourdomain>

In the Unbound configuration you can use log-servfail: yes and see what you get in the log output if you dig for your domain above (I expect a SERVFAIL if I read between the lines?).

I thought as much. The weird thing is it seems to work fine with dig.

; <<>> DiG 9.18.47-1~deb12u1-Debian <<>> @127.0.0.1 -p PORT TLD
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34014
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;TLD.            IN      A

;; ANSWER SECTION:
TLD.     300     IN      A       ISP/HOST_IP

;; Query time: 23 msec
;; SERVER: 127.0.0.1#PORT(127.0.0.1) (UDP)
;; WHEN: Tue Apr 07 17:57:01 UTC 2026
;; MSG SIZE  rcvd: 63

I assume you can’t use this command for a website with a port included? The IP seems to go to my ISP, but the thing is I need it to work with a port; the moment I add the port to get to the web server (custom ports), it doesn’t resolve in the browser.

Here is the dig with the port (I am not all that familiar with the dig command, so I don’t know if this is expected behaviour).

; <<>> DiG 9.18.47-1~deb12u1-Debian <<>> @127.0.0.1 -p PORT TLD:PORT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24918
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;TLD:PORT.      IN      A

;; AUTHORITY SECTION:
.                       3600    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2026040701 1800 900 604800 86400

;; Query time: 15 msec
;; SERVER: 127.0.0.1#PORT(127.0.0.1) (UDP)
;; WHEN: Tue Apr 07 18:00:31 UTC 2026
;; MSG SIZE  rcvd: 128

Not sure if this helps but also my pihole when requesting the page says this…

2026-04-07 18:50:46	A	TLD	LOCALIP	45.1 µs
2026-04-07 18:50:46	HTTPS	_PORT._https.TLD	LOCALIP	74.5 ms

That second dig command hurts my eyes :slight_smile:

dig, and any DNS lookup utility, only cares about the domain names. The port is something the browser, for example, would use after domain resolution, when actually connecting to said domain.
In the offending dig you are actually asking about the literal domain 'tld:port.' like 'example.com:443.' for example.
That could be an actual domain name.
But that is not the issue here, so moving on.

Apart from that, I see that Unbound answers correctly. So it seems to be something else in your configuration regarding pi-hole.

Do I understand correctly that LOCALIP is the correct expected answer when inside your local network? If so maybe your server is not configured to listen to that IP and only the ISP/HOST_IP?

This seems to go beyond Unbound so not sure of how much assistance I would be. Maybe you could also stop by the pi-hole community and read carefully their documentation for starters. I understood that only recently did you add Unbound to an already working setup so maybe you missed some steps the first time you configured it? Just thinking aloud here.

Oh okay regarding the dig command. Yeah sorry idk the formatting seemed to be okay when I was editing it oops.

So the LOCAL IP is the IP of the device trying to query my TLD on the pihole log.

So is there a way to test unbound more verbosely? Before adding unbound to pihole it worked fine. I don’t believe I missed any steps I followed the guide precisely. Maybe I should post also in the pihole discourse.

Okay somehow my router turned off all port forwarding without me asking. This was why it wasn’t working. Nothing to do with unbound or pihole :sweat_smile::man_facepalming:t2:.

Thanks for the help anyway.
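
Added example, not part of the original thread: a small check that separates the two stages discussed above, name resolution (what dig and Unbound answer) and the TCP connection to the service port (what the browser does afterwards). The function names and the `example.com` and 127.0.0.1 sample targets are constructed for illustration; it assumes hostnames or IPv4 addresses only.

```python
import socket

def split_target(target, default_port=443):
    """Split 'host:port' as a browser would; the port is never part of the DNS name."""
    host, sep, port = target.rpartition(":")
    if sep and host and port.isdigit():
        return host, int(port)
    return target, default_port

def diagnose(target, timeout=2.0):
    """Return (stage, ok, detail): 'dns' if resolution failed, else the 'tcp' result."""
    host, port = split_target(target)
    try:
        # Stage 1: name resolution only, the part dig and Unbound are responsible for.
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", False, f"cannot resolve {host}: {exc}")
    addr = infos[0][4][0]
    try:
        # Stage 2: connect to the resolved address on the service port.
        with socket.create_connection((addr, port), timeout=timeout):
            return ("tcp", True, f"{host} -> {addr}, port {port} accepts connections")
    except OSError as exc:
        # The name resolved, so the resolver is not at fault: check the port forward,
        # firewall, or the web server's listen address.
        return ("tcp", False, f"{host} -> {addr}, port {port} unreachable: {exc}")

def local_demo():
    """Constructed offline demo: a listener on 127.0.0.1 stands in for the web server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    up = diagnose(f"127.0.0.1:{port}")
    srv.close()  # simulate the listener or port forward going away
    down = diagnose(f"127.0.0.1:{port}")
    return up, down

if __name__ == "__main__":
    for stage, ok, detail in local_demo():
        print(f"{stage:3} {'OK  ' if ok else 'FAIL'} {detail}")
```

A `tcp` failure after a successful lookup matches the symptom in this thread: dig returns NOERROR while the browser cannot reach the site.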