Hi guys! So…I have a self-hosted DNS server. Initially I used pihole, with unbound, and the more or less basic blocklists. But from time to time things would start acting wonky. Sometimes a reboot would fix it. Sometimes…not really, and I was really not sure what was going wrong, but it was clearly DNS. Changing the clients' settings from my own server to something like 9.9.9.9 would immediately get it sorted out.

So I went with an adguard server. In the last few days I’ve started to notice weird behaviors. Today I lost the Azure desktop I was connected to, and it was very clearly looking like DNS. So I checked…and yup, 9.9.9.9 again would sort it all out. So…I’m not sure what’s going wrong. I’m self-hosting these on an LXC container in proxmox. Nothing else seems to have issues connecting, and I see almost no resources being used. Any ideas? Any other DNS server I might be able to try?

Thanks!

  • ShimitarA · 17 hours ago

    My 2c.

    Changing “DNS” won’t fix it. There are two DNS servers: dnsmasq and unbound (and bind, ok). What else you use doesn’t matter (pihole, adguard, opnSense); at the end of the day it’s always them inside.

    In my experience ISPs will block your direct DNS queries over time, so it might be that. I set up my unbound as caching and forwarding, not as a pure resolver. This fixed all my issues with self-hosted DNS. You can forward to 9.9.9.9 if you like it.

    Another issue might be with your blocklists, of course; your Azure might have been temporarily listed, maybe.

    Over time I ended up choosing a very lax blocklist setup for this reason.
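    The caching-and-forwarding setup described in the comment above, written out as an added example unbound configuration (this is not ShimitarA's config nor anything from the thread). It assumes an unbound build with TLS support, the Debian/Ubuntu CA bundle path, a 192.168.0.0/16 LAN, and Quad9 (9.9.9.9 plus its secondary 149.112.112.112) as the upstream over DNS-over-TLS, so the forwarded queries do not travel over plain port 53:

```conf
# Added example: unbound as a caching forwarder rather than a full recursive
# resolver. Assumptions: TLS-capable unbound, Debian CA bundle path, LAN is
# 192.168.0.0/16. Adjust interface/port if pihole or adguard sits in front.
server:
    interface: 0.0.0.0
    port: 53
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.0.0/16 allow     # assumed LAN range
    access-control: 0.0.0.0/0 refuse         # never expose an open resolver

    # Cache behaviour: refresh popular names before they expire, and keep
    # answering from stale cache (up to an hour) if the upstream is unreachable,
    # which softens the "nothing resolves until I switch clients to 9.9.9.9" mode.
    prefetch: yes
    serve-expired: yes
    serve-expired-ttl: 3600

    # CA bundle used to verify the upstream's TLS certificate.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

    # Keep DNSSEC validation on: unbound still validates the answers it gets
    # from the forwarder, so a tampered upstream reply is rejected, not cached.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

# Forward everything ("." zone) to Quad9 over DNS-over-TLS on port 853 instead
# of plain port 53, so a middlebox that rate-limits or filters port 53 cannot
# drop or rewrite the forwarded queries. The name after '#' is the expected
# certificate name; a mismatch makes unbound refuse the connection.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

    Validate the file with `unbound-checkconf` before restarting. The next time things go wonky, run `dig @127.0.0.1 example.com` and `dig @9.9.9.9 example.com` side by side: if only the first one times out or returns SERVFAIL, the problem is in the resolver (or its path to the upstream), not in the clients. The trade-off of forwarding is that the upstream operator now sees every name your network resolves, which is why the DoT and certificate-name pinning above matter.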

    • non_burglar@lemmy.world · 11 hours ago

      In my experience ISPs will block your direct DNS queries overtime,

      I have no idea what ISP you’re using, but that’s probably not true. Lots of devices have hard-coded DNS servers, and nothing would work if ISPs started blocking DNS upstream queries.

      • ShimitarA · 10 hours ago

        Above some threshold, the one you will cross when filtering port 53 in your network and setting up a custom full resolver, it can happen.

        I experienced it; it seems they filter excess DNS traffic from inside. Probably more a malware/anti-spam measure than actual DNS blocking.