search

trinib / AdGuard-WireGuard-Unbound-DNScrypt

Linux ultimate self-hosted network security guide ║ Linux 终极自托管网络安全指南 ║ Guía definitiva de seguridad de red autohospedada de Linux ║ लिनक्स परम स्व-होस्टेड नेटवर्क सुरक्षा गाइड ║ Окончательное руководство по безопасности собственной сети Linux
MIT License
729 stars 58 forks source link

SERVFAIL ISSUES #65

Closed mshrem closed 1 year ago

mshrem commented 1 year ago

Operating System

Raspberry Pi

Architecture

32-bit

Platform

Linux

Project

Stubby

Browser

Chrome

Issue

Other (explain in description)

Issue Description

Hey boss @trinib i followed the guide to the T and i cant seem to get it to work with my pi.

everything returns for me in SERVFAIL

`pi@raspberrypi:~ $ dig amazon.com @127.0.0.1 -p 8053

; <<>> DiG 9.16.33-Raspbian <<>> amazon.com @127.0.0.1 -p 8053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45089
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;amazon.com.                    IN      A

;; Query time: 4809 msec
;; SERVER: 127.0.0.1#8053(127.0.0.1)
;; WHEN: Fri Nov 04 16:26:44 CST 2022
;; MSG SIZE  rcvd: 28`
`pi@raspberrypi:~ $ dig amazon.com @127.0.0.1 -p 53

; <<>> DiG 9.16.33-Raspbian <<>> amazon.com @127.0.0.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26920
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;amazon.com.                    IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Nov 04 16:29:04 CST 2022
;; MSG SIZE  rcvd: 39`

`pi@raspberrypi:~ $ dig amazon.com @127.0.0.1 -p 5053

; <<>> DiG 9.16.33-Raspbian <<>> amazon.com @127.0.0.1 -p 5053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7403
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8cabb3405906d479 (echoed)
;; QUESTION SECTION:
;amazon.com.                    IN      A

;; ANSWER SECTION:
amazon.com.             871     IN      A       52.94.236.248
amazon.com.             871     IN      A       54.239.28.85
amazon.com.             871     IN      A       205.251.242.103

;; Query time: 309 msec
;; SERVER: 127.0.0.1#5053(127.0.0.1)
;; WHEN: Fri Nov 04 16:30:35 CST 2022
;; MSG SIZE  rcvd: 129`
welcome[bot] commented 1 year ago

Thanks for opening your first issue here 🙋🕵️

trinib commented 1 year ago

@mshrem unbound port 53 is currently working for me but something is up with stubby .. when i use cloudflare i get server fail but using other dns like quad9 i get noerror

ill have to look in more on stubby but unbound seems to working , what you get in unbound service logs ?

trinib commented 1 year ago

@mshrem also are you using stubby and dnscrypt at the same time ? only use one

trinib commented 1 year ago

@mshrem i realized when i add in cloudfare ipv4 or ipv6 ONLY by itself it get fail. When is add both the issue is no more. This do not happen with quad9 if i add one by itself .. weird

trinib commented 1 year ago

it has to be a stubby and cloudflare thing

mshrem commented 1 year ago

Yo my b sorry for the late reply ....

I had turned on pfblockerng while setting this up turns out that was the issue.

Everything throws out NOERROR after disabling it

image

However i am facing this now

trinib commented 1 year ago

However i am facing this now

1.1.1.1/help show DoH and DoT with cloudflare servers ONLY

mshrem commented 1 year ago

Ohhhhh ok i was using quad 9! Thanks for this man looks awesome!