Hello Adolf,

> On 27 Jan 2026, at 16:33, Adolf Belka <[email protected]> wrote:
>
> Hi Michael,
>
> On 27/01/2026 17:10, Michael Tremer wrote:
>> Hello Adolf,
>> Interesting case. I tried to resolve the domain at my office and that seems
>> to be working just fine.
>> They don’t even use DNSSEC, so any problems from that can be ruled out.
>> Anything more in the logs? It could have been the IP blocklists blocking
>> communication.
>
> I checked out disabling the IP Blocklists, IPS and Web Proxy and still it was
> blocked if I was using recursor mode.
>
> I just came home and the standard dns servers have been running for the last
> 5 hours (so not recursor mode) and tried accessing the login page and it
> worked fine.
>
> I then changed back to the recursor mode, cleared the browser cache and
> immediately the login page failed to load. The message I get is
>
>
> Unable to connect
> Firefox can’t establish a connection to the server at auth.opgroen.nl.
> Error code: 503 Service Unavailable
> The site could be temporarily unavailable or too busy. Try again in a few
> moments.
> If you are unable to load any pages, check your computer’s network
> connection.
> If your computer or network is protected by a firewall or proxy, make sure
> that Firefox is permitted to access the web.
>
> I then turned back on the listed dns servers, cleared the browser cache and
> the login page worked immediately.
>
> So the issue is consistent.
>
>> If you have been testing DBL, that can probably be ruled out because you
>> don’t resolve anything. The domain is not listed:
>> https://www.ipfire.org/dbl/search?q=auth.opgroen.nl
>
> For this investigation I had disabled the URL Filter.
>
> I looked in the DS logs for all of January and only found a single entry
>
> 09/21:27:54 unbound: [2020:0] error: SERVFAIL <opgroen.nl. A IN>: misc failure

Hmm, this is not a very useful error message. I just checked the Unbound source and this seems to be coming from the validator module - the one for DNSSEC although the domain does not use DNSSEC at all.

Can you try to increase the val-log-level and see if Unbound can tell us more?

https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#unbound-conf-val-log-level

> This was combined with a lot of other fails but this was when there was a
> problem with my ISP connection and before the time that I was trying to login
> to my insurer.
>
> So as far as I can find other than the Unable to resolve A/AAAA record
> message I have not found any other message related to opgroen.nl in my logs
> for the whole of January which makes it very strange, especially as I can
> turn the problem on and off by using recursor mode or using listed dns
> servers.
>
> Anyway, I have a working system now with listed dns servers so will stay
> using that for the future.
>
> Regards,
>
> Adolf.
>
>> -Michael
>>> On 27 Jan 2026, at 10:28, Adolf Belka <[email protected]> wrote:
>>>
>>> Hi All,
>>>
>>> Thought I would communicate about a problem I have been having.
>>>
>>> I needed to login to my Insurance web site. I could access all the web
>>> pages I wanted but when trying to login I always got a 503 not available or
>>> a timeout. This was happening for the last three days.
>>>
>>> I disabled the web proxy, IPS and the IP Blocklists functions but none of
>>> it made any difference. Also cleared all caches I could find. No
>>> difference. All other web sites and logins worked fine.
>>>
>>> This morning looking through various logs I found the following message.
>>>
>>> INFO: Unable to resolve A/AAAA record of queried destination
>>> 'auth.opgroen.nl', returning ERR...
>>>
>>> I was using the Recursor mode with my IPFire DNS but I still had 5 DNS
>>> servers listed, just not enabled.
>>> I therefore enabled them and immediately I was able to get the login screen
>>> to display.
>>>
>>> I then reverted back to the recursor mode and the login stayed working. Also
>>> after waiting 5 minutes. I then cleared the browser cache and the login
>>> page failed to be found.
>>>
>>> I then enabled just one DNS server - recursor01.dns.lightningwirelabs.com -
>>> on the DNS page and the login page worked again.
>>>
>>> Also tested clearing the browser cache and the login page still being shown.
>>>
>>> Working now for over 15 minutes. That is compared to not working at all
>>> once over the last three days trying numerous times.
>>>
>>> So there seems to be something about my insurance providers login page that
>>> doesn't want to work well with the Recursor Mode, although everything else
>>> has worked fine.
>>>
>>> So I now have a selected DNS site and thankfully I am able to access the
>>> login page again but thought I would let you know what I found.
>>>
>>> Regards,
>>>
>>> Adolf.
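
To line up resolver failures with the times a page failed to load, Unbound SERVFAIL entries in the log format quoted in this thread can be grouped by day, record type and reason for one domain and its subdomains. This is an added example, not part of the original thread and not IPFire or Unbound code; `parse_servfail` and `summarise` are hypothetical helper names, and every sample line except the `opgroen.nl` entry is constructed.

```python
import re
from collections import Counter

# Log format as quoted in the thread:
#   09/21:27:54 unbound: [2020:0] error: SERVFAIL <opgroen.nl. A IN>: misc failure
SERVFAIL_RE = re.compile(
    r"^(?P<day>\d{2})/(?P<time>\d{2}:\d{2}:\d{2}) unbound: \[\d+:\d+\] error: "
    r"SERVFAIL <(?P<qname>\S+) (?P<qtype>\S+) (?P<qclass>\S+)>: (?P<reason>.*)$"
)

def parse_servfail(line):
    """Return a dict for a SERVFAIL line, or None for any other log line."""
    m = SERVFAIL_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Normalise the name: drop the trailing root dot, compare case-insensitively.
    rec["qname"] = rec["qname"].rstrip(".").lower()
    return rec

def summarise(lines, domain):
    """Count SERVFAIL entries for `domain` and its subdomains.

    Keys are (day, qtype, reason). Matching is on label boundaries, so
    'notopgroen.nl' is not counted as part of 'opgroen.nl'.
    """
    domain = domain.rstrip(".").lower()
    counts = Counter()
    for line in lines:
        rec = parse_servfail(line)
        if rec is None:
            continue
        if rec["qname"] == domain or rec["qname"].endswith("." + domain):
            counts[(rec["day"], rec["qtype"], rec["reason"])] += 1
    return counts

# First line is the entry from the thread; the remaining lines are constructed.
SAMPLE = [
    "09/21:27:54 unbound: [2020:0] error: SERVFAIL <opgroen.nl. A IN>: misc failure",
    "09/21:27:55 unbound: [2020:0] error: SERVFAIL <example.org. A IN>: misc failure",
    "27/10:02:11 unbound: [2020:0] error: SERVFAIL <auth.opgroen.nl. AAAA IN>: misc failure",
    "27/10:02:11 unbound: [2020:0] info: generate keytag query _ta-4f66. NULL IN",
    "27/10:05:00 unbound: [2020:0] error: SERVFAIL <notopgroen.nl. A IN>: misc failure",
]

if __name__ == "__main__":
    for (day, qtype, reason), n in sorted(summarise(SAMPLE, "opgroen.nl").items()):
        print(f"day {day}  {qtype:<5} {n}x  {reason}")
```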
