First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How to display unbound queries

Dear All,

I am using unbound for DNS and would like to see the traffic it generates, but so far I haven't been able to do it. I am able to see pretty much any traffic I want on my network, but I can't see the traffic unbound generates.

I can see the unencrypted DNS requests/replies within my network, but I can't see what unbound does. Is there a reason for that?

The network is my home network, wired. There are also wireless clients, but in this case it is not relevant. Unbound is running on a Raspberry Pi that is also running PiHole.

I would appreciate any pointers - this has been driving me crazy for the last couple of days...

Thank you

viktak's avatar
1
viktak
asked 2021-09-20 14:47:47 +0000, updated 2021-09-21 14:37:29 +0000
edit flag offensive 0 remove flag close merge delete

Comments

This looks like a capture problem first, then may or may not be a decode question.

Can you update the question title and description with information about the network - wired, wireless, devices?

Chuckc's avatar Chuckc (2021-09-21 14:17:41 +0000) edit
more
  • delete

I added some more info about the network.

I agree that it may be a capture problem, for two reasons:

  1. everything else (well, so far...) IS visible in WS.
  2. I am just learning WS and (from my research on the subject) I understand there are capture filters and display filters. I found and use display filters, but I can't see any capture filters set. I think they are off, but I'm not sure.
viktak's avatar viktak (2021-09-21 14:41:20 +0000) edit
more
  • delete
add a comment see more comments

2 Answers

0

I guess you missed this part in the unbound advertisement:

To help increase online privacy, Unbound supports DNS-over-TLS and DNS-over-HTTPS which allows clients to encrypt their communication.

Which I guess explains you are propably looking for the wrong packets.

hugo.vanderkooij's avatar
76
hugo.vanderkooij
answered 2021-09-21 11:35:09 +0000
edit flag offensive 0 remove flag delete link
more

Comments

I may be wrong, but encrypted traffic, in my opinion, is still traffic. And I cannot see that showing up. What I expect is to see encrypted traffic between unbound and an upstream DNS server. Which I don't.

Please explain where I am wrong.

viktak's avatar viktak (2021-09-21 11:43:54 +0000) edit
more
  • delete
add a comment see more comments
0

Are you making the packet capture on the RPi? If not, check the information in Ethernet capture setup

Chuckc's avatar
3k
Chuckc
answered 2021-09-21 16:46:23 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thank you for putting me in the right direction. Moments into reading that page I realized that my PiHole is on a switched network and that's why I cannot see its traffic from my PC.

I did a capture on the rpi itself and now and there I can indeed see the unbound traffic.

Thank you for setting me straight! :)

viktak's avatar viktak (2021-09-21 17:06:54 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer