You were right Leen: all traffic goes through the VPN, and disabling DNSSEC resolved the problem. I'll follow this up with AirVPN.
Many thanks,
Rob

________________________________________
From: Unbound-users <[email protected]> on behalf of Leen Besselink via Unbound-users <[email protected]>
Sent: 26 May 2016 11:46:18
To: [email protected]
Subject: Re: Cannot resolve .co.uk domains with VPN, local DNS using Unbound

On Thu, May 26, 2016 at 10:38:44AM +0000, Rob via Unbound-users wrote:
> Hello,
>

Hi,

Based on the DNSSEC-root key you have in your config, I assume this will enable DNSSEC-validation.

Maybe all traffic is routed over the VPN so the other DNS-servers aren't reachable anymore ?

AND the airvpn DNS-server is blocking/dropping/does not understand the DNSSEC-information.

Have you tested it while it's turned off ?

https://www.unbound.net/documentation/howto_turnoff_dnssec.html

>
> I'm using unbound as a local DNS server on my laptop (Arch Linux).
> Occasionally the laptop is unable to resolve .co.uk TLDs while connected to a
> VPN (AirVPN using OpenVPN). When this happens the AirVPN website says their
> servers can still connect to .co.uk addresses, so I wonder if unbound could
> be causing the problem. I can't reproducibly cause the issue, which seems to
> happen randomly and doesn't affect any other TLDs. If I disconnect from the
> VPN, .co.uk addresses are resolved again.
>
>
> Any help would be much appreciated, even if just to confirm that unbound
> isn't the problem.
>
>
> Unbound listens on 127.0.0.1 and points all DNS queries to the AirVPN
> nameserver at 10.4.0.1. Queries for servers at my university get sent to the
> DNS at 131.227.13{0,1}.5.
>
>
> unbound.conf is:
>
> -------
>
> include: "/etc/unbound/resolvunbound"
>
> server:
>     verbosity: 1
>     use-syslog: yes
>     username: "unbound"
>     directory: "/etc/unbound"
>
>     interface: 127.0.0.1
>     trust-anchor-file: trusted-key.key
>     root-hints: "/etc/unbound/root.hints"
>
>     local-zone: "10.in-addr.arpa." nodefault
>     local-zone: "168.192.in-addr.arpa." nodefault
>
> forward-zone:
>     name: "surrey.ac.uk."
>     forward-addr: 131.227.131.5 #internal dns
>     forward-addr: 131.227.130.5
>     forward-addr: 10.4.0.1 #airvpn dns
>
> forward-zone:
>     name: "lib.surrey.ac.uk."
>     forward-addr: 131.227.131.5
>     forward-addr: 131.227.130.5
>
> forward-zone:
>     name: "227.131.in-addr.arpa."
>     forward-addr: 131.227.131.5
>     forward-addr: 131.227.130.5
> -------
>
> and openresolv is configured with resolvconf.conf:
> -------
> name_servers=127.0.0.1
> resolv_conf=/etc/resolv.conf
> unbound_conf="/etc/unbound/resolvunbound"
> private_interfaces="svpn"
> -------
>
> Thanks in advance,
> Rob
>
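
Leen's reply above suggests that the AirVPN forwarder may not return DNSSEC information to a validating Unbound. The following is an added example, not part of the original thread or of Unbound's own code: it builds a query with the EDNS0 DO bit set and checks whether a reply carries an RRSIG in its answer section. The name example.co.uk and both sample replies are constructed, and the check assumes the queried zone is signed.

```python
import struct

RRSIG, OPT, A = 46, 41, 1

def question(name, qtype=A):
    """Encode the question section: length-prefixed labels, type, class IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"
    return qname + struct.pack("!HH", qtype, 1)

def build_query(name, qtype=A, txid=0x1234):
    """Query with an EDNS0 OPT record whose DO (DNSSEC OK) bit is set."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    # OPT: root owner, class field = UDP payload size, TTL field carries flags (DO = 0x8000)
    opt = b"\0" + struct.pack("!HHIH", OPT, 4096, 0x8000, 0)
    return header + question(name, qtype) + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + n

def rr_types(msg):
    """List (section, type) for every record after the question section."""
    _, _, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, found = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            found.append((section, rtype))
    return found

def forwarder_passes_dnssec(response):
    """True if the answer to a DO=1 query for a signed name includes an RRSIG."""
    return ("answer", RRSIG) in rr_types(response)

def sample_response(with_rrsig, name="example.co.uk"):
    """Constructed reply: one A record, optionally a dummy RRSIG (RDATA is filler)."""
    def rr(rtype, rdata):  # owner name = pointer to the question name at offset 12
        return b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    rrs = [rr(A, bytes([192, 0, 2, 1]))] + ([rr(RRSIG, b"\0" * 24)] if with_rrsig else [])
    return struct.pack("!6H", 0x1234, 0x8180, 1, len(rrs), 0, 0) + question(name) + b"".join(rrs)
```

To test a live forwarder, send the bytes from `build_query()` over UDP to port 53 of the forwarder and pass the reply to `forwarder_passes_dnssec()`.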
