Unbound recursive DNS query always goes to the same server

Hello

I am just configuring unbound.
I had the preconception that Unbound would recurse the DNS query through several servers, but in a tcpdump it only goes to Google:

11:10:38.336195 IP (tos 0x0, ttl 64, id 64077, offset 0, flags [none], proto UDP (17), length 85)
    192.168.0.118.34519 > 8.8.4.4.53: [udp sum ok] 23693+ [1au] A? NeTwORK.mObiLE.rAkuteN.CO.jp. ar: . OPT UDPsize=1232 DO (57)
11:10:38.336968 IP (tos 0x0, ttl 64, id 389, offset 0, flags [none], proto UDP (17), length 85)
    192.168.0.118.34382 > 8.8.8.8.53: [udp sum ok] 53861+ [1au] AAAA? NEtwoRk.MoBILE.RAKUten.CO.Jp. ar: . OPT UDPsize=1232 DO (57)
11:10:38.681835 IP (tos 0x0, ttl 119, id 50399, offset 0, flags [none], proto UDP (17), length 234)
    8.8.8.8.53 > 192.168.0.118.34382: [udp sum ok] 53861 q: AAAA? NEtwoRk.MoBILE.RAKUten.CO.Jp. 2/1/1 NEtwoRk.MoBILE.RAKUten.CO.Jp. [4m59s] CNAME network.mobile.rakuten.co.jp.edgekey.net., network.mobile.rakuten.co.jp.edgekey.net. [5h59m59s] CNAME e16215.a.akamaiedge.net. ns: a.akamaiedge.net. [2m22s] SOA n0a.akamaiedge.net. hostmaster.akamai.com. 1615373781 1000 1000 1000 1800 ar: . OPT UDPsize=512 DO (206)
11:10:38.681835 IP (tos 0x0, ttl 119, id 35485, offset 0, flags [none], proto UDP (17), length 189)
    8.8.4.4.53 > 192.168.0.118.34519: [udp sum ok] 23693 q: A? NeTwORK.mObiLE.rAkuteN.CO.jp. 3/0/1 NeTwORK.mObiLE.rAkuteN.CO.jp. [4m59s] CNAME network.mobile.rakuten.co.jp.edgekey.net., network.mobile.rakuten.co.jp.edgekey.net. [5h26m11s] CNAME e16215.a.akamaiedge.net., e16215.a.akamaiedge.net. [19s] A 184.30.21.213 ar: . OPT UDPsize=512 DO (161)
11:10:38.683931 IP (tos 0x0, ttl 64, id 64157, offset 0, flags [none], proto UDP (17), length 97)
    192.168.0.118.21321 > 8.8.4.4.53: [udp sum ok] 20089+ [1au] AAAA? netwoRK.MObile.raKuten.co.JP.EdGEkeY.NEt. ar: . OPT UDPsize=1232 DO (69)
11:10:38.685359 IP (tos 0x0, ttl 64, id 64158, offset 0, flags [none], proto UDP (17), length 97)
    192.168.0.118.39687 > 8.8.4.4.53: [udp sum ok] 45515+ [1au] A? NetWORK.mObiLE.RAkuTeN.co.jP.EdGEKey.NEt. ar: . OPT UDPsize=1232 DO (69)
11:10:38.762809 IP (tos 0x0, ttl 119, id 13742, offset 0, flags [none], proto UDP (17), length 192)
    8.8.4.4.53 > 192.168.0.118.21321: [udp sum ok] 20089 q: AAAA? netwoRK.MObile.raKuten.co.JP.EdGEkeY.NEt. 1/1/1 netwoRK.MObile.raKuten.co.JP.EdGEkeY.NEt. [5h59m59s] CNAME e16215.a.akamaiedge.NEt. ns: a.akamaiedge.NEt. [16m39s] SOA n0a.akamaiedge.NEt. hostmaster.akamai.com. 1615374638 1000 1000 1000 1800 ar: . OPT UDPsize=512 DO (164)
11:10:38.764517 IP (tos 0x0, ttl 64, id 392, offset 0, flags [none], proto UDP (17), length 80)
    192.168.0.118.38483 > 8.8.8.8.53: [udp sum ok] 16829+ [1au] AAAA? E16215.a.aKaMaieDGe.NET. ar: . OPT UDPsize=1232 DO (52)
11:10:38.772703 IP (tos 0x0, ttl 119, id 57519, offset 0, flags [none], proto UDP (17), length 147)
    8.8.4.4.53 > 192.168.0.118.39687: [udp sum ok] 45515 q: A? NetWORK.mObiLE.RAkuTeN.co.jP.EdGEKey.NEt. 2/0/1 NetWORK.mObiLE.RAkuTeN.co.jP.EdGEKey.NEt. [5h59m59s] CNAME e16215.a.akamaiedge.NEt., e16215.a.akamaiedge.NEt. [19s] A 184.30.21.213 ar: . OPT UDPsize=512 DO (119)
11:10:38.774324 IP (tos 0x0, ttl 64, id 64162, offset 0, flags [none], proto UDP (17), length 80)
    192.168.0.118.39861 > 8.8.4.4.53: [udp sum ok] 37756+ [1au] A? E16215.a.aKAMaIEDge.nET. ar: . OPT UDPsize=1232 DO (52)
11:10:38.823146 IP (tos 0x0, ttl 119, id 49627, offset 0, flags [none], proto UDP (17), length 141)
    8.8.8.8.53 > 192.168.0.118.38483: [udp sum ok] 16829 q: AAAA? E16215.a.aKaMaieDGe.NET. 0/1/1 ns: a.aKaMaieDGe.NET. [16m39s] SOA n0a.aKaMaieDGe.NET. hostmaster.akamai.com. 1615374638 1000 1000 1000 1800 ar: . OPT UDPsize=512 DO (113)
11:10:38.843589 IP (tos 0x0, ttl 119, id 30779, offset 0, flags [none], proto UDP (17), length 96)
    8.8.4.4.53 > 192.168.0.118.39861: [udp sum ok] 37756 q: A? E16215.a.aKAMaIEDge.nET. 1/0/1 E16215.a.aKAMaIEDge.nET. [19s] A 184.30.21.213 ar: . OPT UDPsize=512 DO (68)

I wonder what I have misconfigured?

I tried several configs:

config unbound 'ub_main'
        option add_extra_dns '0'
        option add_local_fqdn '1'
        option add_wan_fqdn '0'
        option dhcp4_slaac6 '0'
        option dns64 '0'
        option dns64_prefix '64:ff9b::/96'
        option domain 'lan'
        option domain_type 'static'
        option edns_size '1232'
        option extended_stats '0'
        option hide_binddata '1'
        option interface_auto '1'
        option listen_port '53'
        option localservice '1'
        option manual_conf '0'
        option num_threads '1'
        option protocol 'default'
        option query_min_strict '0'
        option rate_limit '0'
        option rebind_localhost '0'
        option rebind_protection '1'
        option recursion 'default'
        option resource 'default'
        option root_age '9'
        option ttl_min '120'
        option validator '0'
        option validator_ntp '1'
        option verbosity '1'
        list iface_trig 'lan'
        list iface_trig 'wan'
        list iface_wan 'wan'
        option query_minimize '1'
        option dhcp_link 'odhcpd'
        option unbound_control '1'

config zone 'forward'
        option enabled '1'
        list zone_name '.'
        option dns_assist 'none'
        option zone_type 'forward_zone'
        option fallback '0'
        list server '8.8.8.8'
        list server '8.8.4.4'

The other one:

config unbound 'ub_main'
        option add_extra_dns '0'
        option add_local_fqdn '1'
        option add_wan_fqdn '0'
        option dhcp4_slaac6 '0'
        option dns64 '0'
        option dns64_prefix '64:ff9b::/96'
        option domain 'lan'
        option domain_type 'static'
        option edns_size '1232'
        option extended_stats '0'
        option hide_binddata '1'
        option interface_auto '1'
        option listen_port '53'
        option localservice '1'
        option manual_conf '0'
        option num_threads '1'
        option protocol 'default'
        option query_min_strict '0'
        option rate_limit '0'
        option rebind_localhost '0'
        option rebind_protection '1'
        option recursion 'default'
        option resource 'default'
        option root_age '9'
        option ttl_min '120'
        option validator '0'
        option validator_ntp '1'
        option verbosity '1'
        list iface_trig 'lan'
        list iface_trig 'wan'
        list iface_wan 'wan'
        option query_minimize '1'
        option dhcp_link 'odhcpd'
        option unbound_control '1'

config zone 'forward'
        option enabled '1'
        list zone_name '.'
        option dns_assist 'none'
        list server '8.8.8.8'
        list server '8.8.4.4'
        option fallback '1'
        option zone_type 'stub_zone'

Thank you

1 Like

What's the device generating the Google DNS traffic?

Some apps (at least on Android) have Google's DNS servers hardcoded; you need to intercept the traffic if you want to reroute it.

I trigger the query from the router:
root@BPRT-OWrt-01:~# nslookup network.mobile.rakuten.co.jp localhost

Also, I'm sure it is going through Unbound:
if I configure TLS, it is encrypted.

Unbound works as a recursive DNS server by default, without DoT.
Since you have configured DoT, it switches Unbound to a DNS forwarder.
You cannot use DoT recursively.

2 Likes
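As an added example (not code from the thread or from Unbound/OpenWrt), here is a small shell script that reads tcpdump output like the capture above and reports which upstream servers the resolver actually sent port-53 queries to, so you can tell a forwarder (every upstream is a configured forwarder) from a true recursive resolver (queries reach root and authoritative servers). The sample capture lines are constructed in the shape of the post's tcpdump output; the resolver IP 192.168.0.118 and the forwarder addresses are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a tcpdump capture to see
# which upstream servers a resolver actually sends port-53 queries to.
# Constructed sample in the shape of the capture posted above.
SAMPLE='11:10:38.336195 IP (tos 0x0, ttl 64, id 64077, offset 0, flags [none], proto UDP (17), length 85)
    192.168.0.118.34519 > 8.8.4.4.53: [udp sum ok] 23693+ [1au] A? example.test. ar: . OPT UDPsize=1232 DO (57)
11:10:38.336968 IP (tos 0x0, ttl 64, id 389, offset 0, flags [none], proto UDP (17), length 85)
    192.168.0.118.34382 > 8.8.8.8.53: [udp sum ok] 53861+ [1au] AAAA? example.test. ar: . OPT UDPsize=1232 DO (57)
11:10:38.681835 IP (tos 0x0, ttl 119, id 50399, offset 0, flags [none], proto UDP (17), length 234)
    8.8.8.8.53 > 192.168.0.118.34382: [udp sum ok] 53861 q: AAAA? example.test. 0/1/1 ar: . OPT UDPsize=512 DO (206)
11:10:38.683931 IP (tos 0x0, ttl 64, id 64157, offset 0, flags [none], proto UDP (17), length 97)
    192.168.0.118.21321 > 8.8.4.4.53: [udp sum ok] 20089+ [1au] AAAA? example.test. ar: . OPT UDPsize=1232 DO (69)'

# upstream_counts <resolver-ip>: read "tcpdump -vvn" lines on stdin and print
# "server count" for every destination the resolver sent port-53 queries to.
upstream_counts() {
    awk -v src="$1" '
        $2 == ">" {                       # "    A.B.C.D.port > W.X.Y.Z.port: ..."
            s = $1; d = $3
            sub(/\.[0-9]+$/, "", s)       # strip source port
            sub(/:$/, "", d)              # strip trailing colon
            port = d; sub(/.*\./, "", port)
            sub(/\.[0-9]+$/, "", d)       # strip destination port
            if (s == src && port == "53") count[d]++
        }
        END { for (ip in count) printf "%s %d\n", ip, count[ip] }
    ' | sort
}

# forwarding_verdict <resolver-ip> <forwarder-ip>...: "forwarding" when every
# upstream seen is one of the configured forwarders (the symptom in the thread),
# "recursing" when queries reach other servers, "none" when no queries were seen.
forwarding_verdict() {
    src="$1"; shift
    fwd=" $* "; seen=0; other=0
    for ip in $(upstream_counts "$src" | awk '{ print $1 }'); do
        seen=1
        case "$fwd" in *" $ip "*) ;; *) other=1 ;; esac
    done
    if [ "$seen" -eq 0 ]; then echo none
    elif [ "$other" -eq 0 ]; then echo forwarding
    else echo recursing
    fi
}

# Run on the constructed sample; on the router, pipe the output of
# "tcpdump -vvn port 53" through the same functions.
printf '%s\n' "$SAMPLE" | upstream_counts 192.168.0.118
printf '%s\n' "$SAMPLE" | forwarding_verdict 192.168.0.118 8.8.8.8 8.8.4.4
```

On a resolver that really recurses, the upstream list grows to root servers and the authoritative servers for each zone, and the verdict becomes "recursing".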

Thank you vgaetera

1 Like
