Dns query failure

yoni-priester · 5 January 2025 08:25

unbound gives the following error:
error: SERVFAIL : all servers for this domain are down, no server to query at zone crypmoney.de. from 81.91.164.5 Nameserver addresses not usable

but this page reports a positive result:
https://dnschecker.org/#A/crypmoney.de.

why these different results?
Could something be changed?

unbound is running in recursor mode.

logfile:

09:13:22	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:13:22	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone refined.dnscheck.internet-measurement.com. from 87.236.176.165 got SERVFAIL
09:13:21	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone tph.mohw.gov.tw. upstream server timeout
09:13:19	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone brokers.bcbst.com. upstream server timeout
09:13:19	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone freegamingoffer.com. upstream server timeout
09:13:16	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone getseo.click. from 185.159.198.3 no server to query nameserver addresses not usable
09:13:15	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone uni5.net. from 172.64.52.218 got SERVFAIL
09:13:15	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone uni5.net. from 162.159.24.210 got SERVFAIL
09:13:14	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:13:13	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 194.0.0.53 no server to query nameserver addresses not usable
09:13:11	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:13:11	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 195.243.137.26 no server to query nameserver addresses not usable
09:13:10	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone mocketgroup.com. from 192.43.172.30 no server to query nameserver addresses not usable
09:13:10	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone reassuring.dnscheck.internet-measurement.com. upstream server timeout
09:13:07	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone tnhosp.mohw.gov.tw. from 203.65.100.129 no server to query nameserver addresses not usable
09:13:06	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone laventurine-enligne.fr. from 85.236.159.3 got REFUSED
09:13:06	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone plimothinvestment.com. from 209.213.80.9 upstream server timeout
09:13:05	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone freegamingoffer.com. upstream server timeout
09:13:03	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone mocketgroup.com. upstream server timeout
09:13:01	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:13:00	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone uni5.net. from 162.159.25.222 got SERVFAIL
09:13:00	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone fidtravel.ro. from 78.104.145.6 no server to query nameserver addresses not usable
09:12:59	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone broker.bcbst.com. upstream server timeout
09:12:59	unbound: [6918:5]	error: SERVFAIL : SERVFAIL in cache
09:12:58	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:58	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 81.91.164.5 no server to query nameserver addresses not usable
09:12:58	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone lunaenerji.com. upstream server timeout
09:12:56	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone pressimmo-online.com. upstream server timeout
09:12:55	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone reassuring.dnscheck.internet-measurement.com. from 87.236.176.116 got SERVFAIL
09:12:55	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone kutchkhabar.com. upstream server timeout
09:12:54	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone getseo.click. from 185.159.198.3 no server to query nameserver addresses not usable
09:12:52	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone laventurine-enligne.fr. from 185.22.111.3 got REFUSED
09:12:50	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:50	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone agricorp.eu. upstream server timeout
09:12:49	unbound: [6918:0]	error: SERVFAIL : SERVFAIL in cache
09:12:47	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:47	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone mitsubishi-home.com. upstream server timeout
09:12:47	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 81.91.164.5 no server to query nameserver addresses not usable
09:12:46	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone amalfikuesteitalien.de. upstream server timeout
09:12:43	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone ravishing.dnscheck.internet-measurement.com. from 185.247.137.241 got SERVFAIL
09:12:43	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone lifeonlakemartin.com. upstream server timeout
09:12:43	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone NTV.RU. upstream server timeout
09:12:41	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone uni5.net. from 172.64.53.80 got SERVFAIL
09:12:40	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone galagomarket.com. upstream server timeout
09:12:39	unbound: [6918:0]	error: SERVFAIL : exceeded the maximum number of sends
09:12:39	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone peninsulavintage.com. no server to query no addresses for nameservers
09:12:39	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone peninsulavintage.com. no server to query no addresses for nameservers
09:12:38	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone joefauth.com. from 192.43.172.30 no server to query nameserver addresses not usable
09:12:37	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone touristpolice.gov.bd. upstream server timeout
09:12:37	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:34	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone fidtravel.ro. from 192.162.16.20 no server to query nameserver addresses not usable
09:12:34	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:34	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 81.91.164.5 no server to query nameserver addresses not usable
09:12:34	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone scoalatedi.ro. from 194.0.11.113 no server to query nameserver addresses not usable
09:12:33	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone al-amen.com. upstream server timeout
09:12:33	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone dacon-manzai.com. upstream server timeout
09:12:33	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone getseo.click. upstream server timeout
09:12:33	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 81.91.164.5 no server to query nameserver addresses not usable
09:12:33	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 81.91.164.5 no server to query nameserver addresses not usable
09:12:32	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone osem.edu.in. upstream server timeout
09:12:32	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone sanbiagio.org. upstream server timeout
09:12:30	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone ravishing.dnscheck.internet-measurement.com. from 185.247.137.241 got SERVFAIL
09:12:30	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone tnhosp.mohw.gov.tw. from 210.69.10.10 no server to query nameserver addresses not usable
09:12:29	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone tnhosp.mohw.gov.tw. upstream server timeout
09:12:28	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone uni5.net. from 172.64.52.218 got SERVFAIL
09:12:27	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone kocaelisavunma.com. upstream server timeout
09:12:27	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone brhandsfoundation.com. upstream server timeout
09:12:27	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone brianhicksrealty.com. upstream server timeout
09:12:27	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone fidtravel.ro. from 194.0.11.113 no server to query nameserver addresses not usable
09:12:27	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone aktasambalaj.com. upstream server timeout
09:12:26	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:23	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:20	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone t9d.in. upstream server timeout
09:12:20	unbound: [6918:4]	error: SERVFAIL <5urzbo5dpghra.ravishing.dnscheck.internet-measurement.com. A IN>: all servers for this domain failed, at zone ravishing.dnscheck.internet-measurement.com. from 185.247.137.241 got SERVFAIL
09:12:19	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 195.243.137.26 no server to query nameserver addresses not usable
09:12:18	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone uni5.net. from 162.159.25.222 got SERVFAIL
09:12:18	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone tnhosp.mohw.gov.tw. from 210.69.10.10 no server to query nameserver addresses not usable
09:12:17	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone uni5.net. from 172.64.52.218 got SERVFAIL
09:12:16	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone pliva-jajce.com. upstream server timeout
09:12:13	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone icmab.org.bd. upstream server timeout
09:12:13	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:12	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone rapturous.dnscheck.internet-measurement.com. from 51.15.62.191 no server to query nameserver addresses not usable
09:12:12	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone taoyuanstory.tw. upstream server timeout
09:12:12	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone mitsubishi-home.com. upstream server timeout
09:12:11	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone taic.mohw.gov.tw. from 210.69.10.10 no server to query nameserver addresses not usable
09:12:10	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:08	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone taoyuanstory.tw. upstream server timeout
09:12:07	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone getseo.click. from 185.159.198.3 no server to query nameserver addresses not usable
09:12:07	unbound: [6918:0]	error: SERVFAIL <5urzbo5dpghra.ravishing.dnscheck.internet-measurement.com. A IN>: all servers for this domain failed, at zone ravishing.dnscheck.internet-measurement.com. from 185.247.137.241 got SERVFAIL
09:12:06	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone linenshop.gr. from 194.0.11.102 no server to query nameserver addresses not usable
09:12:06	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone linenshop.gr. from 194.0.11.102 no server to query nameserver addresses not usable
09:12:05	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone lassombras.net. upstream server timeout
09:12:04	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:04	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone goshiintl.com. upstream server timeout
09:12:02	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:12:02	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 81.91.164.5 no server to query nameserver addresses not usable
09:12:00	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone mitsubishi-home.com. from 192.43.172.30 no server to query nameserver addresses not usable
09:12:00	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone sielbe.gr. upstream server timeout
09:11:59	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone futuretransport.com.br. from 200.219.154.10 no server to query nameserver addresses not usable
09:11:59	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone lasalleelcarmen.es. upstream server timeout
09:11:59	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone fidtravel.ro. from 192.162.16.18 no server to query nameserver addresses not usable
09:11:54	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone rapturous.dnscheck.internet-measurement.com. upstream server timeout
09:11:54	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.33.39 no server to query nameserver addresses not usable
09:11:53	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone scoalatedi.ro. upstream server timeout
09:11:53	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone linenshop.gr. from 194.0.11.102 no server to query nameserver addresses not usable
09:11:53	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone t9d.in. from 37.209.196.12 no server to query nameserver addresses not usable
09:11:51	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone mitsubishi-home.com. from 192.43.172.30 no server to query nameserver addresses not usable
09:11:48	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone mitsubishi-home.com. upstream server timeout
09:11:48	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 195.243.137.26 no server to query nameserver addresses not usable
09:11:48	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. upstream server timeout
09:11:46	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.32.39 no server to query nameserver addresses not usable
09:11:45	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone getseo.click. from 64.96.1.1 no server to query nameserver addresses not usable
09:11:44	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. from 194.0.16.215 no server to query nameserver addresses not usable
09:11:44	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone mitsubishi-home.com. from 192.12.94.30 no server to query nameserver addresses not usable
09:11:43	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone freefuckbook.com. upstream server timeout
09:11:43	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone definitiveweb.ca. upstream server timeout
09:11:41	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone eurograv.pl. upstream server timeout
09:11:40	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone PLAZMA-UFA.RU. upstream server timeout
09:11:38	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.32.39 no server to query nameserver addresses not usable
09:11:35	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone foreverliving.it. from 195.7.227.1 upstream server timeout
09:11:35	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.32.39 no server to query nameserver addresses not usable
09:11:34	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone getseo.click. from 64.96.1.1 no server to query nameserver addresses not usable
09:11:32	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone mitsubishi-home.com. from 192.55.83.30 no server to query nameserver addresses not usable
09:11:31	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone radiant.dnscheck.internet-measurement.com. from 87.236.176.3 got SERVFAIL
09:11:31	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. from 194.119.192.34 no server to query nameserver addresses not usable
09:11:29	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. no server to query nameserver addresses not usable
09:11:28	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. from 194.119.192.34 no server to query nameserver addresses not usable
09:11:28	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. from 194.0.16.215 no server to query nameserver addresses not usable
09:11:28	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone fidtravel.ro. from 194.0.11.113 no server to query nameserver addresses not usable
09:11:28	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. upstream server timeout
09:11:25	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. no server to query nameserver addresses not usable
09:11:25	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. no server to query nameserver addresses not usable
09:11:25	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. no server to query nameserver addresses not usable
09:11:25	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.32.39 no server to query nameserver addresses not usable
09:11:24	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone h2opro.com.ve. upstream server timeout
09:11:24	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. no server to query nameserver addresses not usable
09:11:23	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 81.91.164.5 no server to query nameserver addresses not usable
09:11:22	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. from 194.0.16.215 no server to query nameserver addresses not usable
09:11:22	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone getseo.click. from 64.96.1.1 no server to query nameserver addresses not usable
09:11:22	unbound: [6918:5]	error: SERVFAIL : all servers for this domain failed, at zone sub.plus. from 65.22.32.39 no server to query nameserver addresses not usable
09:11:22	unbound: [6918:2]	error: SERVFAIL : all servers for this domain failed, at zone taic.mohw.gov.tw. upstream server timeout
09:11:21	unbound: [6918:1]	error: SERVFAIL : all servers for this domain failed, at zone mitsubishi-home.com. from 192.42.93.30 no server to query nameserver addresses not usable
09:11:21	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. from 194.119.192.34 no server to query nameserver addresses not usable
09:11:21	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. from 194.0.16.215 no server to query nameserver addresses not usable
09:11:20	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone smilenet.it. from 194.119.192.34 no server to query nameserver addresses not usable
09:11:18	unbound: [6918:4]	error: SERVFAIL : all servers for this domain failed, at zone radiant.dnscheck.internet-measurement.com. from 87.236.176.3 got SERVFAIL
09:11:18	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone linenshop.gr. from 194.0.11.102 no server to query nameserver addresses not usable
09:11:14	unbound: [6918:3]	error: SERVFAIL : all servers for this domain failed, at zone pbn.plus. from 65.22.32.39 no server to query nameserver addresses not usable
09:11:13	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone crypmoney.de. from 195.243.137.26 no server to query nameserver addresses not usable
09:11:12	unbound: [6918:0]	error: SERVFAIL : all servers for this domain failed, at zone magazinuldeantichitati.ro. upstream server timeout

stephen · 5 January 2025 08:40

Maybe check if your system clock set to the right time? If the clock is off it could cause problems for unbound.

yoni-priester · 5 January 2025 09:08

Date and time same Radio clock

stephen · 5 January 2025 09:25

For further troubleshooting, I would log onto the console or ssh to the machine and take a look at /var/log/messages.

Find the exact time that the errors first started occurring and see if there was something prior to that going on in the system that looks suspicious or may be related to the problem.

What core update are you running?

yoni-priester · 5 January 2025 10:39

IPFire 2.29 (x86_64) - Core-Update 190

/var/log/messages

is flooded by :

Jan 5 00:01:01 Router kernel: DROP_CTINVALID IN=blue0 OUT=red0 MAC=00:1b:21:a8:3a:34:f6:89:17:9a:ec:22:08:00 SRC=192.168.1.30 DST=66.23. 228.18 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=20140 PROTO=TCP SPT=50494 DPT=80 WINDOW=183 RES=0x00 ACK FIN URGP=0
and

Jan 5 00:01:05 Router kernel: DROP_CTINVALID IN=red0 OUT= MAC=00:1b:21:a8:3a:30:00:17:10:9f:46:9c:08:00 SRC=185.17.199.4 DST=95.91.104. 62 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=15188 DF PROTO=TCP SPT=80 DPT=44968 WINDOW=32119 RES=0x00 ACK FIN URGP=0

Translated with DeepL.com (free version)

stephen · 5 January 2025 20:08

The DROP messages are normal and just indicate that your firewall is working and blocking traffic. You can filter them out and ignore them.

Here is an example of that kind of filtering:

Count the number of lines in /var/log/messages:

[root@zone3 log]# wc -l messages
30515 messages

Use grep to filter out the DROP messages and write to another file:

[root@zone3 log]# grep -v DROP messages > messages.nodrop

Count the number of lines in the new file:

[root@zone3 log]# wc -l messages.nodrop 
27395 messages.nodrop

From the example you can see about 3000 DROP messages got filtered out. FYI, if you’re using blocklists, you can also filter out and ignore BLKLST messages.

[root@zone3 log]# grep -v BLKLST messages.nodrop > messages.nodrop.noblklst
[root@zone3 log]# wc -l messages.nodrop.noblklst 
23527 messages.nodrop.noblklst

On my system with those two steps I filter out 7000 messages.

Now you can continue looking at filtered messages.nodrop (or messages.nodrop.noblklst) file for clues when the issue with unbound started.

Regards,
Stephen

yoni-priester · 6 January 2025 04:33

Thank you for your time and your explanations.

My question has not yet been answered.
Why does Unbound deliver incorrect DNS results?
DNSSEC is active.

jon · 6 January 2025 16:03

This might help others answer your question. . .

Click Check DNS Servers button from the Network > Domain Name System and post a screenshot

https://www.ipfire.org/docs/configuration/network/dns-server#check-dns-servers

yoni-priester · 6 January 2025 17:36

stephen · 6 January 2025 19:09

@jon, that was a good ask.

@yoni-priester , from your screenshot, you don’t have any DNS servers selected. Use ISP DNS servers is not selected and none of the 1’s or 8’s DNS servers that you’ve added are selected.

Regards,
Stephen

yoni-priester · 6 January 2025 19:21

to the best of my knowledge, i do not need to add a dns server in the current recursor mode.
only in forward mode.
but this is currently not active.

Please correct me if I am wrong.

stephen · 6 January 2025 20:44

@yoni-priester Sorry, I missed the green Working (Recursor Mode) at the top of your screenshot. I put my own firewall into Recursor Mode with a ‘tail -f /var/log/messages | grep unbound’ as a test and saw no issues. I’m not sure how to help troubleshoot this further. Maybe someone else has some ideas where to look…

Regards,
Stephen

hvacguy · 6 January 2025 23:17

Could this be a UDP issue?
Perhaps TCP would be better?
Grasping at straws here.