Root hints

[ChristoffBo]

When trying to use built in root hints, i just recieve servfail.

Tested with adguard and unbound, then unbound root hints works fine

[ShreyasZare]

Thanks for the post. Try to query any domain to a.root-servers.net using the DNS Client tab to test if you get a correct response. Also check the DNS logs for any errors and post them here.

The more likely reason is that the DNS server has DNSSEC validation enabled by default and your network provider is interfering with the DNSSEC request which is causing the ServerFailure in response.

[ChristoffBo]

Hi, odd when i query a.root-servers.net using dnssec or without i recieve a response no issue.

[ChristoffBo]

Perhaps there was an issue with my isp? Would you reccomend using root hints or a forwarder for privacy?

[ShreyasZare]

It could have been temporary network issue then.

For privacy, first you need to decide from whom you need to hide your data: your ISP or public DNS providers. When using root hints, your requests are in clear text and your ISP can read them. If you configure DoT or DoH then your requests are hidden from ISP but are logged by the DNS provider you chose.

The other option is to get your own cheap $5/mo linux server with any cloud provider and run your own DoH service which you then use from your home network. This will give better privacy then the above two options.

[ChristoffBo]

Perfect. Thank you sir

[ShreyasZare]

You're welcome.