[Dnsmasq-discuss] DNSSEC and Mozilla domains not working

Marcel Mutter info at marcelmutter.nl
Sun Jul 10 09:21:28 BST 2016


I enabled DNSSEC a few weeks ago and all seems to be working. 
Yesterday I wanted to visit Mozilla.org and nothing happened. I see 
that the request is being sent to the upstream nameserver; however, 
nothing is displayed by dnsmasq as a response. I am then running "dnsmasq 
-d" with logging enabled so I can see the output in real time.

dnsmasq: query[A] ftp.mozilla.org from 192.168.xxx.xxx
dnsmasq: forwarded ftp.mozilla.org to 194.109.9.99
dnsmasq: dnssec-query[DS] org to 194.109.9.99
dnsmasq: dnssec-query[DNSKEY] . to 194.109.9.99
dnsmasq: reply . is DNSKEY keytag 19036, algo 8
dnsmasq: reply . is DNSKEY keytag 60615, algo 8
dnsmasq: reply . is DNSKEY keytag 46551, algo 8
dnsmasq: reply org is DS keytag 9795, algo 7, digest 1
dnsmasq: reply org is DS keytag 9795, algo 7, digest 2
dnsmasq: dnssec-query[DS] mozilla.org to 194.109.9.99
dnsmasq: dnssec-query[DNSKEY] org to 194.109.9.99
dnsmasq: reply org is DNSKEY keytag 2097, algo 7
dnsmasq: reply org is DNSKEY keytag 3177, algo 7
dnsmasq: reply org is DNSKEY keytag 9795, algo 7
dnsmasq: reply org is DNSKEY keytag 17883, algo 7
dnsmasq: reply mozilla.org is DS keytag 44421, algo 7, digest 1
dnsmasq: dnssec-query[DNSKEY] mozilla.org to 194.109.9.99

Also the same with mozilla.org, mozilla.com and firefox.com.

The upstream server 194.109.9.99 is using Unbound.

When I query the upstream nameserver directly I get a good response. I am 
running dnsmasq 2.76-1 for Debian at the moment and I updated it a 
few hours ago from 2.72-3.


