[Dnsmasq-discuss] DNSSEC check unsigned vs sharepoint.com

Kevin Darbyshire-Bryant kevin at darbyshire-bryant.me.uk
Fri Sep 9 15:24:34 BST 2016


Hi All,

Having some issues with my 'onedrive for business' application which in
turn uses 'sharepoint.com'.  Short version: dnsmasq 2.76 thinks
sharepoint.com is bogus.  Directly querying upstream servers is okay:

# drill -D @8.8.8.8 sharepoint.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 45014
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; sharepoint.com.      IN      A

;; ANSWER SECTION:
sharepoint.com. 20224   IN      CNAME   sharepoint.microsoft.com.
sharepoint.microsoft.com.       3346    IN      A       64.4.6.100
sharepoint.microsoft.com.       3346    IN      A       65.55.39.10

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 17 msec
;; EDNS: version 0; flags: do ; udp: 512
;; SERVER: 8.8.8.8
;; WHEN: Fri Sep  9 15:14:12 2016
;; MSG SIZE  rcvd: 110

If I disable 'check unsigned' on the router's dnsmasq instance things
work ok.

Why does dnsmasq think bogus, but google think ok?

Kevin



More information about the Dnsmasq-discuss mailing list