qdm12 / dns

Docker DNS server on steroids to access DNS-over-TLS from Cloudflare, Google, Quad9, Quadrant or CleanBrowsing
https://hub.docker.com/r/qmcgaw/cloudflare-dns-server
MIT License

unable to resolve domain #55

Closed axel-dd closed 3 years ago

axel-dd commented 3 years ago

Hi Quentin, any idea why the upstream server is unable to resolve windelwissen.de?

Test with upstream server

[axel@axel-pc ~]$ dig windelwissen.de @192.168.2.6

; <<>> DiG 9.16.10 <<>> windelwissen.de @192.168.2.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4853
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;windelwissen.de.               IN      A

;; Query time: 303 msec
;; SERVER: 192.168.2.6#53(192.168.2.6)
;; WHEN: Fr Jan 29 15:58:01 CET 2021
;; MSG SIZE  rcvd: 44

Test with quad9 directly

[axel@axel-pc ~]$ dig windelwissen.de @8.8.8.8

; <<>> DiG 9.16.10 <<>> windelwissen.de @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3276
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;windelwissen.de.               IN      A

;; ANSWER SECTION:
windelwissen.de.        299     IN      A       23.227.38.65

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fr Jan 29 15:58:12 CET 2021
;; MSG SIZE  rcvd: 60

qdm12 commented 3 years ago

I'm not sure, what are your settings? Maybe it's blocked by a block list?

I tried on mine with :latest (freshly pulled) using quad9 as the single provider and then

docker exec dns nslookup windelwissen.de
Server:         127.0.0.11
Address:        127.0.0.11:53

Non-authoritative answer:
Name:   windelwissen.de
Address: 23.227.38.65

Non-authoritative answer:

So it seems to work?

axel-dd commented 3 years ago

Thanks for the hint. I found the problem! I set BLOCK_MALICIOUS=off and it works. The IP 23.227.38.65 is on your malicious IPs list - https://github.com/qdm12/files/blob/master/malicious-ips.updated

qdm12 commented 3 years ago

Ah, that's strange. I'll add an UNBLOCK_IP environment variable for that purpose; let's keep the issue open.

axel-dd commented 3 years ago

OK, the UNBLOCK_IP environment variable works. Now I switched to BLOCK_MALICIOUS=on UNBLOCK_IP=23.227.38.65

Please do not forget to document the new environment variable on the manpage. I think you can also remove 23.227.38.65 from your malicious IPs list.

Thank you for the help.

qdm12 commented 3 years ago

There is no UNBLOCK_IP 😄 I still need to add it, sorry for the delay.

My guess is the IP got removed from the blocklist automagically from external sources.

axel-dd commented 3 years ago

Strange magic. :mage_man:

OK, I'll switch back to BLOCK_MALICIOUS=off. I still have a Pi-hole behind the DNS anyway.

qdm12 commented 3 years ago

See https://github.com/qdm12/dns/issues/86 I'll add it in the :v2.0.0-beta image which will ultimately become :latest in the coming days. Closing this issue to tidy up, thanks.

qdm12 commented 3 years ago

This is now done, you can use ALLOWED_IPS and ALLOWED_CIDRS if you ever need to unblock some IPs 😉
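The behaviour this thread diagnoses, as an added example that is not part of the issue or of the qdm12/dns code: a filter where an IP on the malicious-IP list is exempted either by an exact ALLOWED_IPS entry or by an ALLOWED_CIDRS range, and where dropping every answer leaves the client with NOERROR and zero answers instead of an error. How the real image implements its blocklist is an assumption here, not taken from the page; the blocked address is the one from the issue.

```go
package main
import "fmt"
import "net"

// Filter: BLOCK_MALICIOUS-style IP blocklist with ALLOWED_IPS/ALLOWED_CIDRS exemptions (constructed model).
type Filter struct {
	blocked, allowedIPs map[string]bool
	allowedCIDRs        []*net.IPNet
}
// NewFilter builds the filter; an unparsable CIDR is a configuration error.
func NewFilter(blocked, allowedIPs, allowedCIDRs []string) (*Filter, error) {
	f := &Filter{blocked: map[string]bool{}, allowedIPs: map[string]bool{}}
	for _, s := range blocked {
		f.blocked[s] = true
	}
	for _, s := range allowedIPs {
		f.allowedIPs[s] = true
	}
	for _, s := range allowedCIDRs {
		_, n, err := net.ParseCIDR(s)
		if err != nil {
			return nil, fmt.Errorf("bad CIDR %q: %w", s, err)
		}
		f.allowedCIDRs = append(f.allowedCIDRs, n)
	}
	return f, nil
}

// IsBlocked: blocklisted and exempted by neither an exact IP nor a CIDR.
func (f *Filter) IsBlocked(ip string) bool {
	if !f.blocked[ip] || f.allowedIPs[ip] {
		return false
	}
	p := net.ParseIP(ip)
	for _, n := range f.allowedCIDRs {
		if p != nil && n.Contains(p) {
			return false
		}
	}
	return true
}

// FilterAnswers keeps unblocked answer IPs; an empty result reaches the client as NOERROR with ANSWER: 0 in dig.
func FilterAnswers(f *Filter, answers []string) (kept []string) {
	for _, ip := range answers {
		if !f.IsBlocked(ip) {
			kept = append(kept, ip)
		}
	}
	return kept
}
```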