Ask Your Question
0

How to display unbound queries

asked 2021-09-20 14:47:47 +0000

viktak gravatar image

updated 2021-09-21 14:37:29 +0000

Dear All,

I am using unbound for DNS and would like to see the traffic it generates, but so far I haven't been able to do it. I am able to see pretty much any traffic I want on my network, but I can't see the traffic unbound generates.

I can see the unencrypted DNS requests/replies within my network, but I can't see what unbound does. Is there a reason for that?

The network is my home network, wired. There are also wireless clients, but in this case it is not relevant. Unbound is running on a Raspberry Pi that is also running PiHole.

I would appreciate any pointers - this has been driving me crazy for the last couple of days...

Thank you

edit retag flag offensive close merge delete

Comments

This looks like a capture problem first, then may or may not be a decode question.

Can you update the question title and description with information about the network - wired, wireless, devices?

Chuckc gravatar imageChuckc ( 2021-09-21 14:17:41 +0000 )edit

I added some more info about the network.

I agree that it may be a capture problem, for two reasons:

  1. everything else (well, so far...) IS visible in WS.
  2. I am just learning WS and (from my research on the subject) I understand there are capture filters and display filters. I found and use display filters, but I can't see any capture filters set. I think they are off, but I'm not sure.
viktak gravatar imageviktak ( 2021-09-21 14:41:20 +0000 )edit
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2021-09-21 16:46:23 +0000

Chuckc gravatar image

Are you making the packet capture on the RPi? If not, check the information in Ethernet capture setup

edit flag offensive delete link more

Comments

Thank you for putting me in the right direction. Moments into reading that page I realized that my PiHole is on a switched network and that's why I cannot see its traffic from my PC.

I did a capture on the rpi itself and now and there I can indeed see the unbound traffic.

Thank you for setting me straight! :)

viktak gravatar imageviktak ( 2021-09-21 17:06:54 +0000 )edit
add a comment
0

answered 2021-09-21 11:35:09 +0000

hugo.vanderkooij gravatar image

I guess you missed this part in the unbound advertisement:

To help increase online privacy, Unbound supports DNS-over-TLS and DNS-over-HTTPS which allows clients to encrypt their communication.

Which I guess explains you are propably looking for the wrong packets.

edit flag offensive delete link more

Comments

I may be wrong, but encrypted traffic, in my opinion, is still traffic. And I cannot see that showing up. What I expect is to see encrypted traffic between unbound and an upstream DNS server. Which I don't.

Please explain where I am wrong.

viktak gravatar imageviktak ( 2021-09-21 11:43:54 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-09-20 14:47:47 +0000

Seen: 545 times

Last updated: Sep 21 '21

Related questions

DNSSEC response marked as Malformed

DNSSEC question