I might also suggest pdns-recursor. very fast. Sent from my iPhone
> On Aug 8, 2022, at 4:18 PM, Demi Marie Obenour <demioben...@gmail.com> wrote: > > On 8/7/22 09:50, Linkcheck wrote: >>> On 07/08/2022 1:12 pm, Rob McGee wrote: >>> dig 2.0.0.127.zen.spamhaus.org. any >> >> ANY has to be after DIG, not at the end, but... >> >> ================ >> ; <<>> DiG 9.10.3-P4-Ubuntu <<>> any 2.0.0.127.zen.spamhaus.org. >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18750 >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 4096 >> ;; QUESTION SECTION: >> ;2.0.0.127.zen.spamhaus.org. IN ANY >> >> ;; ANSWER SECTION: >> 2.0.0.127.zen.spamhaus.org. 3579 IN A 127.255.255.254 >> >> ;; Query time: 1 msec >> ;; SERVER: 127.0.0.1#53(127.0.0.1) >> ;; WHEN: Sun Aug 07 14:34:59 BST 2022 >> ;; MSG SIZE rcvd: 71 >> ================ >> >> And I use a local copy of Unbound for all DNS work. > > You need to check the following: > > 1. Unbound MUST be operating as a recursive resolver, NOT a > stub resolver. That means that it is making requests from > upstream nameservers directly, rather than via an upstream > recursive resolver. In the case of Unbound, this means that all > forward-zone: directives in the configuration file must be removed, > unless they are restricted (via name:) to zones that are not a > suffix of zen.spamhaus.org. > > 2. Your instance of Unbound MUST NOT be accessible from the Internet. > That is, unauthorized users must not be able to submit DNS queries > to it. If they can, I suspect it would be considered a public > recursive resolver and blocked. > > Can you provide your `unbound.conf` as well as all of the files > it includes? > -- > Sincerely, > Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: Binary data
OpenPGP_signature
Description: Binary data
