On Ubuntu x86_64 and Ubuntu ARM updates fail on the LAN. To overcome the problem I have to “ifconfig enp2s0 down” and updates work over Wifi, i.e PC/SBC Wifi → cable Modem → Internet.
I appears that the cable modem is in routing mode ?
If so, then it’s wired address needs to be set as “Gateway” in IPFire. It’s unclear why an upgrade to core 160 would break a previously working IPFire.
I notice port 443 in all the messages. Port 443 is enabled https, adding http to it didn’t make a difference. “http://91.189.91.38:443” or “https;//91.189.91.38:443” fail.
No problems with only Wifi configured.
Err https://security.ubuntu.com/ubuntu impish-security/universe amd64 dnsutils all 1:9.16.15-1ubuntu1.1
Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::15). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::18). - connect (101: Network is unreachable)
Err https://security.ubuntu.com/ubuntu impish-security/main amd64 php8.0-gd amd64 8.0.8-1ubuntu0.1
Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::15). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::18). - connect (101: Network is unreachable)
Err https://security.ubuntu.com/ubuntu impish-security/main amd64 libapache2-mod-php8.0 amd64 8.0.8-1ubuntu0.1
Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::15). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::18). - connect (101: Network is unreachable)
Err https://security.ubuntu.com/ubuntu impish-security/main amd64 php8.0-cli amd64 8.0.8-1ubuntu0.1
Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::15). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::18). - connect (101: Network is unreachable)
Err https://security.ubuntu.com/ubuntu impish-security/main amd64 php8.0-common amd64 8.0.8-1ubuntu0.1
Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::15). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::18). - connect (101: Network is unreachable)
0% [Working]E: Failed to fetch https://security.ubuntu.com/ubuntu/pool/main/t/tzdata/tzdata_2021e-0ubuntu0.21.10_all.deb: Could not connect to security.ubuntu.com:443 (91.189.91.38). - connect (111: Connection refused) Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::15). - connect (101: Network is unreachable) Could not connect to security.ubuntu.com:443 (91.189.91.39). - connect (111: Connection refused) Cannot initiate the connection to security.ubuntu.com:443 (2001:67c:1562::18). - connect (101: Network is unreachable)
Are you running with The Web Proxy or Web Proxy and Update Accelerator enabled. If yes, try disabling them first to see if that helps.
If no or it doesn’t improve things then you need to show us the logs of your ipfire machine.
Run the update on your ubuntu machine and then look at the unbound logs in the System Log menu of the WUI or run a grep on /var/log/messages for unbound
I sent email replies which haven’t appeared in this topic and there isn’t anywhere to attach the /var/log/messages.
Web Proxy is not enabled.
To get the problem All I have to do is “apt-get update” from any Ubuntu x86_64 or ARM SBC.
lancelot@slipstream:~/ftp/NOV21> grep unbound messages
Oct 31 00:14:45 ipfire unbound: [1772:0] error: SERVFAIL <support.mozilla.org. AAAA IN>: all the configured stub or forward servers failed, at zone .
Oct 31 00:19:56 ipfire unbound: [1772:0] error: SERVFAIL <support.mozilla.org. A IN>: all the configured stub or forward servers failed, at zone .
Oct 31 00:35:43 ipfire unbound: [1772:0] info: server stats for thread 0: 88308 queries, 33354 answers from cache, 54954 recursions, 1858 prefetch, 0 rejected by ip ratelimiting
Oct 31 00:35:43 ipfire unbound: [1772:0] info: server stats for thread 0: requestlist max 23 avg 1.57674 exceeded 0 jostled 0
Oct 31 00:35:43 ipfire unbound: [1772:0] info: average recursion processing time 2.222309 sec
Oct 31 00:35:43 ipfire unbound: [1772:0] info: histogram of recursion processing times
Oct 31 00:35:43 ipfire unbound: [1772:0] info: [25%]=0.0204344 median[50%]=0.0296541 [75%]=0.0561313
Oct 31 00:35:43 ipfire unbound: [1772:0] info: lower(secs) upper(secs) recursions
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.000000 0.000001 3822
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.000016 0.000032 1
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.000032 0.000064 1
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.000128 0.000256 1
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.000256 0.000512 3
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.000512 0.001024 19
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.001024 0.002048 25
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.002048 0.004096 84
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.004096 0.008192 117
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.008192 0.016384 3630
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.016384 0.032768 24414
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.032768 0.065536 12761
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.065536 0.131072 7274
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.131072 0.262144 1997
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.262144 0.524288 390
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 0.524288 1.000000 121
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 1.000000 2.000000 29
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 2.000000 4.000000 14
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 4.000000 8.000000 7
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 8.000000 16.000000 12
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 16.000000 32.000000 32
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 32.000000 64.000000 33
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 64.000000 128.000000 43
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 128.000000 256.000000 24
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 256.000000 512.000000 39
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 512.000000 1024.000000 4
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 1024.000000 2048.000000 49
Oct 31 00:35:43 ipfire unbound: [1772:0] info: 2048.000000 4096.000000 8
Oct 31 00:40:17 ipfire unbound: [1772:0] error: SERVFAIL <c2shb.ssp.yahoo.com. A IN>: all the configured stub or forward servers failed, at zone .
Oct 31 00:43:29 ipfire unbound: [1772:0] error: SERVFAIL <support.mozilla.org. AAAA IN>: all the configured stub or forward servers failed, at zone .
Oct 31 00:43:30 ipfire unbound: [1772:0] error: SERVFAIL <support.mozilla.org. A IN>: all the configured stub or forward servers failed, at zone .
Oct 31 00:46:03 ipfire unbound: [1772:0] info: validation failure <5814efa5-d41d-4a89-b176-1cc26fae87cd.prmutv.co. A IN>: covering NSEC3 was not opt-out in an opt-out DS NOERROR/NODATA case from 8.8.8.8 for DS 5814efa5-d41d-4a89-b176-1cc26fae87cd.prmutv.co. while buildin
g chain of trust
Oct 31 00:46:15 ipfire unbound: [1772:0] error: SERVFAIL <c2shb.ssp.yahoo.com. AAAA IN>: all the configured stub or forward servers failed, at zone .
Oct 31 00:48:20 ipfire unbound: [1772:0] error: SERVFAIL <c2shb.ssp.yahoo.com. A IN>: all the configured stub or forward servers failed, at zone .
Oct 31 01:52:03 ipfire unbound: [1772:0] info: validation failure <undefined. A IN>: no NSEC3 records from 208.67.222.222 for DS undefined. while building chain of trust
Oct 31 01:22:34 ipfire unbound: [1772:0] info: validation failure <ocsp.sectigo.com. AAAA IN>: no signatures from 194.168.4.100 and cache
Oct 31 03:41:03 ipfire unbound: [1772:0] info: validation failure <undefined. A IN>: no DNSSEC records from 194.168.8.100 for DS undefined. while building chain of trust
Oct 31 03:48:03 ipfire unbound: [1772:0] info: validation failure <undefined. A IN>: no DNSSEC records from 194.168.4.100 for DS undefined. while building chain of trust
Oct 31 03:49:03 ipfire unbound: [1772:0] info: validation failure <undefined. A IN>: key for validation undefined. is marked as invalid
Oct 31 03:50:03 ipfire unbound: [1772:0] info: validation failure <undefined. A IN>: no NSEC3 records from 208.67.220.220 for DS undefined. while building chain of trust
Oct 31 03:51:03 ipfire unbound: [1772:0] info: validation failure <undefined. A IN>: key for validation undefined. is marked as invalid
Oct 31 08:19:04 ipfire unbound: [1772:0] info: validation failure <undefined. A IN>: no NSEC3 records from 208.67.220.220 for DS undefined. while building chain of trust
Oct 31 08:20:04 ipfire unbound: [1772:0] info: validation failure <undefined. A IN>: key for validation undefined. is marked as invalid
Oct 31 08:21:04 ipfire unbound: [1772:0] info: validation failure <undefined. A IN>: no NSEC3 records from 208.67.222.222 for DS undefined. while building chain of trust
Oct 31 08:27:43 ipfire unbound: [1772:0] info: validation failure <a.fsdn.com. A IN>: no signatures from 194.168.8.100 and cache
Oct 31 08:27:43 ipfire unbound: [1772:0] info: validation failure <a.fsdn.com. AAAA IN>: no signatures from 194.168.4.100 and cache
Oct 31 08:31:50 ipfire unbound: [1772:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Oct 31 09:16:04 ipfire unbound: [1772:0] info: validation failure <undefined. A IN>: no NSEC3 records from 208.67.220.220 for DS undefined. while building chain of trust
Oct 31 09:33:59 ipfire unbound: [1772:0] info: validation failure <local. SOA IN>: no NSEC3 records from 208.67.222.222 for DS local. while building chain of trust
Oct 31 11:03:30 ipfire unbound: [1772:0] info: validation failure <pop3.blueyonder.co.uk. A IN>: no DNSSEC records from 194.168.8.100 for DS as9143.net. while building chain of trust
Oct 31 11:03:30 ipfire unbound: [1772:0] info: validation failure <pop3.blueyonder.co.uk. AAAA IN>: no DNSSEC records from 194.168.8.100 for DS as9143.net. while building chain of trust
Oct 31 11:25:35 ipfire unbound: [1772:0] error: SERVFAIL <pixel.advertising.com. A IN>: all the configured stub or forward servers failed, at zone .
Oct 31 11:25:35 ipfire unbound: [1772:0] error: SERVFAIL <pixel.advertising.com. AAAA IN>: all the configured stub or forward servers failed, at zone .
Oct 31 11:25:35 ipfire unbound: [1772:0] error: SERVFAIL <ups.analytics.yahoo.com. AAAA IN>: all the configured stub or forward servers failed, at zone .
Oct 31 11:25:35 ipfire unbound: [1772:0] error: SERVFAIL <ups.analytics.yahoo.com. A IN>: all the configured stub or forward servers failed, at zone .
Oct 31 11:27:40 ipfire unbound: [1772:0] error: SERVFAIL <ups.analytics.yahoo.com. A IN>: all the configured stub or forward servers failed, at zone .
Oct 31 11:28:05 ipfire unbound: [1772:0] error: SERVFAIL <support.mozilla.org. AAAA IN>: all the configured stub or forward servers failed, at zone .
Oct 31 11:28:10 ipfire unbound: [1772:0] error: SERVFAIL <api.mantis-intelligence.com. A IN>: all the configured stub or forward servers failed, at zone .
Oct 31 11:28:24 ipfire unbound: [1772:0] error: SERVFAIL <ups.analytics.yahoo.com. A IN>: all the configured stub or forward servers failed, at zone .
Oct 31 11:28:34 ipfire unbound: [1772:0] error: SERVFAIL <api.mantis-intelligence.com. AAAA IN>: all the configured stub or forward servers failed, at zone .
Oct 31 11:29:41 ipfire unbound: [1772:0] error: SERVFAIL <support.mozilla.org. A IN>: all the configured stub or forward servers failed, at zone .
The 7th icon along above where you compose your replies is an upload icon. If you save the logs or whatever as a text file or if you have a screenshot as an image then you can use this icon to upload the required info to your reply.
Your unbound messages indicate that unbound is physically working but all the SERVFAIL messages and the messages about validation failures indicate that you have a problem with your DNS Servers.
What overall status do you have at the top left-hand side of the Network - Domain Name System menu. The status should be showing Working in green. Also if you press the Check DNS Servers button what status do you get for each of the DNS servers you have setup.
If the status of the individual servers is not a green OK but a red Error then if you hold your mouse pointer over the status sign a small box should come up giving a short message about the cause of the error.
If possible can you show a screenshot of your Domain Name System page.
I added 1.1.1.1 (Cloudflare), checked as OK.
This is crazy as I am also seeing unbound errors from openSUSE boxes except updates and everything else are working. This is with TLS set instead of UDP.
Nov 6 11:30:31 ipfire unbound: [1772:0] error: SERVFAIL <linux.teamviewer.com. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:32 ipfire unbound: [1772:0] error: SERVFAIL <repo.vivaldi.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:32 ipfire unbound: [1772:0] error: SERVFAIL <repo.vivaldi.com. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:32 ipfire unbound: [1772:0] error: SERVFAIL <www.youtube.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:34 ipfire unbound: [1772:0] error: SERVFAIL <r3.o.lencr.org. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:34 ipfire unbound: [1772:0] error: SERVFAIL <fedoraproject.org. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:35 ipfire unbound: [1772:0] error: SERVFAIL <static.asm.skype.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:39 ipfire unbound: [1772:0] error: SERVFAIL <x.bidswitch.net. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:40 ipfire unbound: [1772:0] error: SERVFAIL <profile.accounts.firefox.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:40 ipfire unbound: [1772:0] error: SERVFAIL <profile.accounts.firefox.com. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:40 ipfire unbound: [1772:0] error: SERVFAIL <sync-1-us-west1-g.sync.services.mozilla.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:40 ipfire unbound: [1772:0] error: SERVFAIL <sync-1-us-west1-g.sync.services.mozilla.com. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:41 ipfire unbound: [1772:0] error: SERVFAIL <static.asm.skype.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:41 ipfire unbound: [1772:0] error: SERVFAIL <download.opensuse.org. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:42 ipfire unbound: [1772:0] error: SERVFAIL <packages.microsoft.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:48 ipfire unbound: [1772:0] error: SERVFAIL <community.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:48 ipfire unbound: [1772:0] error: SERVFAIL <community.ipfire.org. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:49 ipfire unbound: [1772:0] error: SERVFAIL <mirrorcache.opensuse.org. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:54 ipfire unbound: [1772:0] error: SERVFAIL <bidder.criteo.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:30:59 ipfire unbound: [1772:0] error: SERVFAIL <www.googleapis.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:01 ipfire unbound: [1772:0] error: SERVFAIL <static.asm.skype.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:02 ipfire unbound: [1772:0] error: SERVFAIL <packages.microsoft.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:02 ipfire unbound: [1772:0] error: SERVFAIL <mirrorcache-eu.opensuse.org. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:04 ipfire unbound: [1772:0] error: SERVFAIL <pagead2.googlesyndication.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:07 ipfire unbound: [1772:0] error: SERVFAIL <mirrorcache-eu.opensuse.org. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:08 ipfire unbound: [1772:0] error: SERVFAIL <downloadcontent.opensuse.org. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:08 ipfire unbound: [1772:0] error: SERVFAIL <downloadcontent.opensuse.org. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:09 ipfire unbound: [1772:0] error: SERVFAIL <fw.adsafeprotected.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:13 ipfire unbound: [1772:0] error: SERVFAIL <www.youtube.com. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:13 ipfire unbound: [1772:0] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Nov 6 11:31:13 ipfire unbound: [1772:0] notice: ssl handshake failed 1.1.1.1 port 853
Nov 6 11:31:13 ipfire unbound: [1772:0] error: ssl handshake failed crypto error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Nov 6 11:31:13 ipfire unbound: [1772:0] notice: ssl handshake failed 1.1.1.1 port 853
Nov 6 11:31:13 ipfire unbound: [1772:0] error: SERVFAIL <www.youtube.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:14 ipfire unbound: [1772:0] error: SERVFAIL <community.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:14 ipfire unbound: [1772:0] error: SERVFAIL <community.ipfire.org. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:14 ipfire unbound: [1772:0] error: SERVFAIL <cdn-0.tutorial45.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:16 ipfire unbound: [1772:0] error: SERVFAIL <static.asm.skype.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:18 ipfire unbound: [1772:0] error: SERVFAIL <api.crowdsec.net. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:18 ipfire unbound: [1772:0] error: SERVFAIL <api.crowdsec.net. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:19 ipfire unbound: [1772:0] error: SERVFAIL <googleads4.g.doubleclick.net. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:22 ipfire unbound: [1772:0] error: SERVFAIL <brave-browser-rpm-release.s3.brave.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:23 ipfire unbound: [1772:0] error: SERVFAIL <community.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:23 ipfire unbound: [1772:0] error: SERVFAIL <community.ipfire.org. AAAA IN>: all the configured stub or forward servers failed, at zone .
Nov 6 11:31:25 ipfire unbound: [1772:0] error: SERVFAIL <ade.googlesyndication.com. A IN>: all the configured stub or forward servers failed, at zone .
[root@ipfire ~]#
Back with UDP, testing apt update on Ubuntu x86_64. No unbound messages with Ubuntu x86_64 and ARM problems since 11:34 until last apt-get update at 11:50. Processing: messages… messages.gz (270.0 KB)
Your problem with TLS is that you just changed the protocol from UDP to TLS but TLS requires the TLS Hostname to be filled in.
With the UDP protocoll you have a different problem not related to DNS.
The Network unreachable messages are related to the ipv6 addresses which is not surprising as IPFire does not use ipv6.
The ipv4 ip addresses are coming back with Connection refused. This indicates that the connection was made to the server but that it was then rejected for some reason.
You could try
ping -c4 91.189.88.152
You should get back 4 responses with no problems, which is what I get when I run that command from the console.
EDIT: you should do the ping with security.ubuntu.com as that will also confirm DNS working or not.
Then I ran
dig security.ubuntu.com
and got the following good response.
; <<>> DiG 9.11.32 <<>> security.ubuntu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19779
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;security.ubuntu.com. IN A
;; ANSWER SECTION:
security.ubuntu.com. 60 IN A 91.189.91.39
security.ubuntu.com. 60 IN A 91.189.91.38
security.ubuntu.com. 60 IN A 91.189.88.152
security.ubuntu.com. 60 IN A 91.189.88.142
;; Query time: 47 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Nov 06 14:31:44 CET 2021
;; MSG SIZE rcvd: 112
This indicates that DNS access for that url is working fine.
EDIT:
You can also see that security.ubuntu.com has 4 different ip addresses. When you ping security.ubuntu.com then each time you could get a different one of these resolved.
If you get something different for the ping and dig commands then there is still a problem with communication to the ubuntu server but I don’t expect it based on your unbound log messages.
[root@ipfire ~]# grep unbound /var/log/messages
Nov 7 00:01:40 ipfire unbound: [1772:0] error: SERVFAIL <ups.analytics.yahoo.com. A IN>: all the configured stub or forward servers failed, at zone .
Nov 7 00:08:09 ipfire unbound: [1772:0] error: SERVFAIL <pixel.advertising.com. A IN>: all the configured stub or forward servers failed, at zone .
[root@ipfire ~]# date
Sun Nov 7 02:05:26 AM GMT 2021
[root@ipfire ~]#
If you only have the two SERVFAIL messages that is not a big issue.
Occasionally there will be an error getting a DNS response for a certain url from a DNS server and you will get a SERVFAIL and then unbound will try the other DNS servers in your list.
If it is a continuous list of SERVFAIL messages then you have a problem.
Also if your DNS Servers are all showing a green OK and the overall is a green Working then there is no problem from the unbound DNS service. Also if your pings or digs work from your computer on green that also indicates no problem with IPFire because all of those have to go via the IPFire unbound service.