DNS resolving problem
-
Hi there,
I have massive problems with images not loading in Mastodon ("not available").
Reading through the logs and looking into Sidekiq, I found out that numerous host names do not resolve (anymore).I went to the Mastodon app terminal window and tried 'dig {hostname}' with some of the host names (many S3 endpoints that host images for Mastodon instances, e.g. Wasabi) that I found in the dead jobs section of Sidekiq, with the following results:
Possible result #1:
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> {hostname} ;; global options: +cmd ;; connection timed out; no servers could be reachedPossible result #2:
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> {hostname} ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61160 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;{hostname}. IN A ;; Query time: 4 msec ;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP) ;; WHEN: Wed Mar 22 09:42:21 UTC 2023 ;; MSG SIZE rcvd: 58However, if I do 'dig {hostname} @9.9.9.9", it resolves just fine!
I can edit resolv.conf, but after re-booting, it will revert to 127.0.0.1 - is this Cloudron's unbound server?
What can I do? -
Yes the dns resolving will be through unbound on the system. So first make sure unbound is running fine. If not, try https://docs.cloudron.io/troubleshooting/#unbound
-
N nebulon marked this topic as a question on
-
@nebulon said in DNS resolving problem:
Yes the dns resolving will be through unbound on the system. So first make sure unbound is running fine. If not, try https://docs.cloudron.io/troubleshooting/#unbound
unbound was running.
I have added the forward-all as suggested in the doc, and now everything appears to be fine.
I retried the whole dead job list and there are no resolving issues anymore.Can I just leave the forward-all setting, or do you suggest further troubleshooting?
-
-
-
-
G girish has marked this topic as solved on
-
@girish said in DNS resolving problem:
@nichu42 OK, thanks. I am not sure why the forwarding is needed. But if it works...
Alright, then I will keep it that way.
But I have a bonus question: The favorite DNS server I'd like to use (UncensoredDNS, very close to my VPS location and thus extremely quick) is only reachable through DoT or DoH. Do you know if it's possible to make this work?
I've tried to modify the forward-all.conf like this
forward-tls-upstream: yes forward-addr: 91.239.100.100@853#anycast.uncensoreddns.org forward-addr: 1.1.1.1@853#cloudflare-dns.combut it didn't work (SERVFAIL).
-
N nichu42 referenced this topic on
-
N nichu42 referenced this topic on
-
@nichu42 said in DNS resolving problem:
I've tried to modify the forward-all.conf like this
forward-tls-upstream: yes forward-addr: 91.239.100.100@853#anycast.uncensoreddns.org forward-addr: 1.1.1.1@853#cloudflare-dns.combut it didn't work (SERVFAIL).
Answer to myself (in case someone else ever needs this):
It is necessary to also add the following to the conf file:
server: tls-cert-bundle: /etc/ssl/certs/ca-certificates.crtso the validity of the certificates can be verified.
After that, you can add TLS upstream servers as mentioned in my previous post. I've decided for anycast.uncensoreddns.org and dns.quad9.net now.