From nobody Mon May 15 05:09:35 2023
X-Original-To: questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QKS9M6ZRMz4B8Wx
	for <questions@mlmmj.nyi.freebsd.org>; Mon, 15 May 2023 05:09:59 +0000 (UTC)
	(envelope-from dch@skunkwerks.at)
Received: from new1-smtp.messagingengine.com (new1-smtp.messagingengine.com [66.111.4.221])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QKS9L59zxz3Dmt
	for <questions@freebsd.org>; Mon, 15 May 2023 05:09:58 +0000 (UTC)
	(envelope-from dch@skunkwerks.at)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=skunkwerks.at header.s=fm2 header.b=azMIikpD;
	dkim=pass header.d=messagingengine.com header.s=fm1 header.b="w06iLe/w";
	spf=pass (mx1.freebsd.org: domain of dch@skunkwerks.at designates 66.111.4.221 as permitted sender) smtp.mailfrom=dch@skunkwerks.at;
	dmarc=pass (policy=none) header.from=skunkwerks.at
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
	by mailnew.nyi.internal (Postfix) with ESMTP id 467625803BB
	for <questions@freebsd.org>; Mon, 15 May 2023 01:09:57 -0400 (EDT)
Received: from imap44 ([10.202.2.94])
  by compute1.internal (MEProxy); Mon, 15 May 2023 01:09:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at;
	 h=cc:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:sender
	:subject:subject:to:to; s=fm2; t=1684127397; x=1684134597; bh=yM
	Vyda8jSzIVFyt4ezxZui/uJVG2kDM/rsfrMMHK0GU=; b=azMIikpDru5JgeL1E/
	MExSTvKBepOk4jWZlDsGKCm76QQShJ64QshLiUdsVVy1YB/7IFdFpBD8YhgmsYR5
	6yyxEU1Is1JMRoqgxi1GRcap+obOjX2MWzI+B+z7QCvU+teHeDfOkUkbv6JyjNUj
	rLosyWGTwZBTNWMJ/21EkDkJ00FJ/LEt5y57Psi4dYJzmMswZoLcgmUZXOgeVJzN
	k575O0v5jEjYqTjrjA+bwRndeaQx0n9Axmz/zCcnalPUm16QLR299J/VeWsXw3JD
	x+TPbh134K4T/LHvL/3/3AqW2iAfpKuzPVqmmj9ojW0CYeBspvYulZ7guYktfc0q
	z7WQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:sender:subject
	:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
	:x-sasl-enc; s=fm1; t=1684127397; x=1684134597; bh=yMVyda8jSzIVF
	yt4ezxZui/uJVG2kDM/rsfrMMHK0GU=; b=w06iLe/wl6Pvdft5QJeQAIu9AZZPZ
	YzCjPnxZKEoX5a0BTm7Iy7ZpMyypm6XaS5FrAZbHityKuM0l1twp5DCI7/rCyI/P
	I1M+lTA68v/EMeLFCbs7936y5l6VReWmzemYpRnwNSgYsqyVWKCBSPZjtVQ/B8Nu
	N4PdrLoJLhUkNuCZ0ICql8Ni0v+WMG44HL7nSNVVzLCGEAEpGpVcX5JveF5GSPg3
	v2KV/C9SH5oBCR3sW/gcdEWcG+QkJ+h94X7neLsYd5iu1feK2RDqsigB7P9y7z2I
	yzaQdVhdGQd6np9ZnzMb/Zx+9k4Qtw7UHXn6GccnzwXs1CcqhGw4GiMFQ==
X-ME-Sender: <xms:pb5hZAJukNZlP1heTURzVNMyFO7js6vU9m_treUEkRDEHDRXjOX-3g>
    <xme:pb5hZAK_IoxU-5fEYeaczTEFcb-IENzJHd79K18UqmoU70F42lzcfpD2bFRvhLsEU
    NH7WgMLBh_9wKxp_w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeehiedgledvucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd
    ertderredtnecuhfhrohhmpedfffgrvhgvucevohhtthhlvghhuhgsvghrfdcuoegutghh
    sehskhhunhhkfigvrhhkshdrrghtqeenucggtffrrghtthgvrhhnpeekueevleegheeive
    eluedtleegteeljefhjefffeetvdelvedutdejgfegudfgteenucffohhmrghinhepqhhu
    rgguledrnhgvthenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh
    hrohhmpegutghhsehskhhunhhkfigvrhhkshdrrght
X-ME-Proxy: <xmx:pb5hZAt4n6utKKPOTuGLhX02UNHfOXJktchesb8-O8U0hcaZg_wZMw>
    <xmx:pb5hZNZqx9EumU52U2BBEr6BLc8pCMYIAmEUUlduKYhbBVQ1jImTmg>
    <xmx:pb5hZHaFcMlbW4PPuCs7TYIbJffI8uCzVb7yQPGtzpTRMX5PNEY8zw>
    <xmx:pb5hZAnXiw0Y_E6hXQ2i33t_d7StNxyjaogC52kxAZ3OcvqTxVdH4A>
Feedback-ID: ic0e84090:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id EDBE036A0073; Mon, 15 May 2023 01:09:56 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.9.0-alpha0-415-gf2b17fe6c3-fm-20230503.001-gf2b17fe6
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
Sender: owner-freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
Mime-Version: 1.0
Message-Id: <6538db87-9927-4bd9-a837-d66137c933a3@app.fastmail.com>
In-Reply-To: <20230513174552.6d1a05e8@dismail.de>
References: <20230513053351.6e101f66@dismail.de>
 <4d7fe7b8-bbd5-e10d-41ee-2b6d46ddb39a@slagle.net>
 <20230513174552.6d1a05e8@dismail.de>
Date: Mon, 15 May 2023 05:09:35 +0000
From: "Dave Cottlehuber" <dch@skunkwerks.at>
To: questions@freebsd.org
Subject: Re: unbound
Content-Type: text/plain
X-Spamd-Result: default: False [-4.69 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	MV_CASE(0.50)[];
	DMARC_POLICY_ALLOW(-0.50)[skunkwerks.at,none];
	R_DKIM_ALLOW(-0.20)[skunkwerks.at:s=fm2,messagingengine.com:s=fm1];
	R_SPF_ALLOW(-0.20)[+ip4:66.111.4.221];
	RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.221:from];
	MIME_GOOD(-0.10)[text/plain];
	RWL_MAILSPIKE_GOOD(-0.10)[66.111.4.221:from];
	XM_UA_NO_VERSION(0.01)[];
	FREEFALL_USER(0.00)[dch];
	FROM_HAS_DN(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org];
	ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US];
	RCVD_TLS_LAST(0.00)[];
	RCVD_COUNT_THREE(0.00)[4];
	TO_DN_NONE(0.00)[];
	ARC_NA(0.00)[];
	DKIM_TRACE(0.00)[skunkwerks.at:+,messagingengine.com:+];
	MIME_TRACE(0.00)[0:+];
	FROM_EQ_ENVFROM(0.00)[];
	MLMMJ_DEST(0.00)[questions@freebsd.org]
X-Rspamd-Queue-Id: 4QKS9L59zxz3Dmt
X-Spamd-Bar: ----
X-ThisMailContainsUnwantedMimeParts: N

On Sat, 13 May 2023, at 21:45, LuMiWa wrote:
>> > It worked years without problem but this weeks stopped. I remowed
>> > forward-tls... and port 853 and it works again but it is not the
>> > same.
>> > 
>> > Thank you.

What doesn't work, specifically? When you run unbound in the foreground,
do you see any errors?

For debugging, stop local_unbound, add `logfile: ""` to your `server:`
block in unbound.conf, and then run it in foreground:

/usr/sbin/local-unbound -c /var/unbound/unbound.conf -dvvvv

Adjust -v as required.

https://support.quad9.net/hc/en-us/articles/7200715305997-DNS-over-TLS-FreeBSD-with-local-unbound has a full config on their site, which can be summarised as defaults +

forward-zone:
        name: "."
        forward-tls-upstream: yes               # Use DNS-over-TLS
        forward-first: no                       # do NOT send direct

# 9.9.9.9 - Threat-blocking with DNSSEC
        forward-addr: 9.9.9.9@853#dns.quad9.net
        forward-addr: 149.112.112.112@853#dns.quad9.net

A+
Dave