Today my DNS forwarding to Cloudflare over TLS stopped working - I solved it by disabling forwarding.
Restarting and then trying to switch the settings back to forwarding to Cloudflare over TLS did not work.
# /etc/resolver/resolver-debug.sh start
Start debug
== enable verbose logging (reboot to disable it) ==
> [count] => 0
[id] => 1
[cb] => function: 0xb4a25978
> > nil
> resolver.common=resolver
resolver.common.interface='0.0.0.0' '::0'
resolver.common.port='53'
resolver.common.keyfile='/etc/root.keys'
resolver.common.verbose='0'
resolver.common.msg_buffer_size='4096'
resolver.common.msg_cache_size='20M'
resolver.common.net_ipv6='1'
resolver.common.net_ipv4='1'
resolver.common.prefered_resolver='kresd'
resolver.common.prefetch='yes'
resolver.common.dynamic_domains='1'
resolver.common.ignore_root_key='0'
resolver.common.forward_upstream='1'
resolver.common.forward_custom='99_cloudflare'
resolver.kresd=resolver
resolver.kresd.rundir='/tmp/kresd'
resolver.kresd.forks='1'
resolver.kresd.keep_cache='0'
resolver.kresd.rpz_file='/etc/kresd/adb_list.overall'
resolver.kresd.log_stderr='1'
resolver.kresd.log_stdout='1'
resolver.unbound=resolver
resolver.unbound.outgoing_range='60'
resolver.unbound.outgoing_num_tcp='1'
resolver.unbound.incoming_num_tcp='1'
resolver.unbound.msg_cache_slabs='1'
resolver.unbound.num_queries_per_thread='30'
resolver.unbound.rrset_cache_size='100K'
resolver.unbound.rrset_cache_slabs='1'
resolver.unbound.infra_cache_slabs='1'
resolver.unbound.infra_cache_numhosts='200'
resolver.unbound.access_control='0.0.0.0/0 allow' '::0/0 allow'
resolver.unbound.pidfile='/var/run/unbound.pid'
resolver.unbound.root_hints='/etc/unbound/named.cache'
resolver.unbound.target_fetch_policy='2 1 0 0 0'
resolver.unbound.harden_short_bufsize='yes'
resolver.unbound.harden_large_queries='yes'
resolver.unbound.key_cache_size='100k'
resolver.unbound.key_cache_slabs='1'
resolver.unbound.neg_cache_size='10k'
resolver.unbound.prefetch_key='yes'
resolver.unbound_remote_control=resolver
resolver.unbound_remote_control.control_interface='127.0.0.1'
resolver.unbound_remote_control.control_enable='yes'
resolver.unbound_remote_control.control_use_cert='no'
== resolv.conf* ==
/etc/resolv.conf:search lan
/etc/resolv.conf:nameserver 127.0.0.1
/tmp/resolv.conf:search lan
/tmp/resolv.conf:nameserver 127.0.0.1
/tmp/resolv.conf.auto:# Interface wan
/tmp/resolv.conf.auto:nameserver 10.108.10.109
/tmp/resolv.conf.auto:nameserver 10.108.10.108
== DNSSEC root key file ==
3398ee3b8d9530982125f3d6f74788db /etc/root.keys
/etc/root.keys:. 172800 DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ; Valid: ; KeyTag:20326
. 172800 DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ; Valid: ; KeyTag:20326
== resolver process ==
10180 root 1108 S grep kresd
== configured trust anchors ==
== enable verbose logging (reboot to disable it) ==
== resolution attempts ==
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec api.turris.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23164
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;api.turris.cz. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 42
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33613
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 43
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec www.facebook.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41173
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.facebook.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 45
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec www.youtube.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6305
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.youtube.com. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 44
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec www.rhybar.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42924
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.rhybar.cz. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 42
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec *.wilda.rhybar.0skar.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50484
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;*.wilda.rhybar.0skar.cz. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 52
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec *.wilda.nsec.0skar.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5393
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;*.wilda.nsec.0skar.cz. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 50
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec *.wild.nsec.0skar.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25839
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;*.wild.nsec.0skar.cz. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 49
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec *.wilda.0skar.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33398
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;*.wilda.0skar.cz. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 45
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec *.wild.0skar.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53844
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;*.wild.0skar.cz. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 44
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec www.wilda.nsec.0skar.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8753
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.wilda.nsec.0skar.cz. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 52
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec www.wilda.0skar.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2321
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.wilda.0skar.cz. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 47
; <<>> DiG 9.12.3-P4 <<>> @127.0.0.1 +dnssec *.wilda.rhybar.ecdsa.0skar.cz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22766
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;*.wilda.rhybar.ecdsa.0skar.cz. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 26 13:33:01 CEST 2019
;; MSG SIZE rcvd: 58
Debug stated
2019/04/26 13:32:55 socat[10098] E connect(5, AF=1 "/tmp/kresd/tty/8971", 21): No such file or directory
2019/04/26 13:32:56 socat[10193] E connect(5, AF=1 "/tmp/kresd/tty/", 17): Connection refused
2019/04/26 13:32:56 socat[10202] E connect(5, AF=1 "/tmp/kresd/tty/", 17): Connection refused