On Fri, Dec 06, 2013 at 12:42:09PM -0500, Chris Smith wrote:
>
> The lwtitle.com mx and lwtitle.com txt queries both fail for me here
> and I run unbound as a resolver on my firewall and I pass the DNS leak
> test.
>

Just out of curiosity: If you are running unbound on the firewall, why
are you querying the troublesome resolver directly? Do you get the same
result when querying the local unbound?

>
> The one network of the 4 that I do get a proper answer on has an older
> version of OpenBSD on its firewall (4.9) while all the ones that are
> failing for me run a fairly current (or even -current) version.
>

Are you running dig from the firewall or a client behind the firewall?

How about tcpdumping the traffic on all affected interfaces and
comparing the results between the working location and a non-working one
in order to see if anything funky is happening on the wire?

Regards,
Patrik Lundin