Access to Duckduckgo fails once safe search is enforced whereas safe.duckduckgo.com exists

Once safe search is enforced, access to duckduckgo.com is blocked.

However, safe.duckduckgo.com exists and so should not be blocked but used.

cf. https://help.duckduckgo.com/duckduckgo-help-pages/features/safe-search/

8 replies

    • Pro subscriber ✓
    • DynamicNotSlow
    • 3 yrs ago
    • NextDNs
    • 3 yrs ago

    Can you please show the result of a dig on duckduckgo.com when blocked?

      • nsteinmetz
      • 3 yrs ago

      NextDNS just reenabled and I got:

      ❯ dig www.duckduckgo.com
      ; <<>> DiG 9.16.18-RH <<>> www.duckduckgo.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16745
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 65494
      ;; QUESTION SECTION:
      ;www.duckduckgo.com.        IN    A
      ;; Query time: 147 msec
      ;; SERVER: 127.0.0.53#53(127.0.0.53)
      ;; WHEN: jeu. juil. 15 18:44:17 CEST 2021
      ;; MSG SIZE  rcvd: 47
      

      For duckduckgo.com, I have an answer this time - if I remember well, I didn't yesterday.

      My router is based on ipfire, which uses unbound and enforces DNSSEC if I'm correct. Could it be related?

      ❯ dig www.duckduckgo.com @10.251.0.1
      ; <<>> DiG 9.16.18-RH <<>> www.duckduckgo.com @10.251.0.1
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62329
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ;; QUESTION SECTION:
      ;www.duckduckgo.com.        IN    A
      ;; Query time: 192 msec
      ;; SERVER: 10.251.0.1#53(10.251.0.1)
      ;; WHEN: jeu. juil. 15 18:47:03 CEST 2021
      ;; MSG SIZE  rcvd: 47
          ~
      ❯ dig duckduckgo.com @10.251.0.1
      ; <<>> DiG 9.16.18-RH <<>> duckduckgo.com @10.251.0.1
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32116
      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ;; QUESTION SECTION:
      ;duckduckgo.com.            IN    A
      ;; ANSWER SECTION:
      duckduckgo.com.        60    IN    A    40.114.177.246
      ;; Query time: 2 msec
      ;; SERVER: 10.251.0.1#53(10.251.0.1)
      ;; WHEN: jeu. juil. 15 18:47:07 CEST 2021
      ;; MSG SIZE  rcvd: 59
      
      • nsteinmetz
      • 3 yrs ago

      That's it, in unbound logs from ipfire:

      18:40:30 unbound: [18949:0] info: validation failure <www.duckduckgo.com. A IN>: DS got unsigned CNAME answer from 45.90.28.26 and 45.90.30.26 for DS duckduckgo.com. while building chain of trust
      
      • Pro subscriber ✓
      • DynamicNotSlow
      • 3 yrs ago

      nsteinmetz disable DNSSEC in unbound and re-test.

      NextDNS already uses DNSSEC, so using it twice will end in problems.

      • nsteinmetz
      • 3 yrs ago

      DynamicNotSlow thanks, indeed disabling DNSSEC at the ipfire level makes it work again as expected.

      Only issue I have is that I will have to disable it manually after each ipfire upgrade :-/

      • Pro subscriber ✓
      • DynamicNotSlow
      • 3 yrs ago

      nsteinmetz you should report this to ipfire team then.

      Or don't use it at all.

      • nsteinmetz
      • 3 yrs ago

      DynamicNotSlow Yep, just saw that opnsense allows enabling/disabling DNSSEC validation via the GUI. Will migrate to it later this summer.
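
A triage helper for the unbound log entry quoted in the thread, added here as an example and not code from the thread, ipfire or unbound: it parses validation-failure lines and groups the upstream resolvers that returned unsigned CNAMEs, so a filtering upstream can be told apart from other DNSSEC failures. The function names and the sample log are assumptions; only the first sample line mirrors the thread.

```python
import re
from collections import defaultdict

# Shape of the validation-failure line quoted in the thread.
FAILURE = re.compile(
    r"validation failure <(?P<name>\S+) (?P<rtype>\S+) (?P<rclass>\S+)>: (?P<reason>.+)")
ZONE = re.compile(r"for (?:DS|key) (?P<zone>\S+?)\.? while building chain of trust")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: line 1 mirrors the thread's log entry, the rest are invented.
SAMPLE_LOG = """\
18:40:30 unbound: [18949:0] info: validation failure <www.duckduckgo.com. A IN>: DS got unsigned CNAME answer from 45.90.28.26 and 45.90.30.26 for DS duckduckgo.com. while building chain of trust
18:40:31 unbound: [18949:0] info: resolving example.org. A IN
18:41:02 unbound: [18949:0] info: validation failure <mail.example.net. MX IN>: signature expired from 192.0.2.53 for key example.net. while building chain of trust
"""

def parse_failures(log_text):
    """Return one dict per validation-failure line; other lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if not m:
            continue
        reason = m["reason"]
        zone = ZONE.search(reason)
        findings.append({
            "qname": m["name"].rstrip("."),
            "rtype": m["rtype"],
            "zone": zone["zone"] if zone else None,
            "upstreams": IPV4.findall(reason),
            # An unsigned CNAME inside a signed zone is consistent with an
            # upstream that rewrites answers (e.g. safe-search enforcement).
            "rewritten_upstream": "unsigned CNAME" in reason,
        })
    return findings

def rewriting_upstreams(findings):
    """Map each upstream IP to the zones it answered with unsigned CNAMEs."""
    by_ip = defaultdict(set)
    for f in findings:
        if f["rewritten_upstream"]:
            for ip in f["upstreams"]:
                by_ip[ip].add(f["zone"] or f["qname"])
    return {ip: sorted(zones) for ip, zones in by_ip.items()}

if __name__ == "__main__":
    for ip, zones in rewriting_upstreams(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: unsigned CNAME for {', '.join(zones)}")
```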
