Unbound fails to resolve subdomain

Matthias_G_Vossen · March 12, 2021, 9:17am

Hello everybody!

I have encountered an interesting problem which may or may not be a glitch in unbound. The problem and several tries to alleviate it have been documented in detail here: https://discourse.pi-hole.net/t/pi-hole-with-unbound-not-resolving-subdomain/45233
In short, my unbound configuration is able to resolve wunderground.com without problems, but not weatherstation.wunderground.com. The resolve reaches a point where weatherstation.wunderground.com is referred to rtupdate.wunderground.com, but in total fails to resolve to an IP adress and most of the times dig experiences a timeout.
A dig to opendns or google dns resolves just fine.
Configs have been checked and double checked without result.
I am running unound v 1.9 on raspian buster.

Maybe someone has an idea?

Best,
Matthias

Unbound · March 12, 2021, 4:34pm

On a server that manages over 200 million domains. With knot as authoritative
server, and unbound as recursive client. weatherstation.wunderground.com is
slow to resolve, and is returned as a cloud:

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 16538
;; flags: qr rd ra ; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; weatherstation.wunderground.com. IN A

;; ANSWER SECTION:
weatherstation.wunderground.com. 298 IN CNAME rtupdate.wunderground.com.
rtupdate.wunderground.com. 298 IN CNAME prod-pws-ng-ingest.pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud.
prod-pws-ng-ingest.pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 300 IN CNAME pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud.
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 300 IN A169.55.126.243
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 300 IN A169.61.113.60
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 300 IN A169.55.126.244
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 300 IN A169.63.130.179
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 300 IN A169.63.130.180
pws-ng-prod-iks-wdc-01-997b58a668d15d562a6bed58ea7c5f9e-0001.us-east.containers.appdomain.cloud. 300 IN A169.61.113.58

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 191 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Mar 12 08:27:14 2021
;; MSG SIZE rcvd: 310

IOW there are several choices for the path to take, and it's up to your client to
choose *which* path to take.

HTH

--Chris