[Dnsmasq-discuss] SERVFAIL logging
Dominik
dl6er at dl6er.de
Sat Apr 28 10:40:27 BST 2018
Dear dnsmasq list members,
I'm running an unbound recursive DNS server. It is the only forwarding
destination of my local dnsmasq instance. The unbound resolver is aware
of DNSSEC and handles it well. I have NOT enabled DNSSEC support in
dnsmasq itself, as it was sometimes giving wrong/strange behavior (the
same domains were sometimes SECURE, sometimes BOGUS). I'm running
dnsmasq 2.79.
If I query a BOGUS domain directly from my unbound resolver (e.g., dig
www.dnssec-failed.org), I'm getting a SERVFAIL response. dnsmasq simply
forwards this SERVFAIL to the requesting client and hence they are
protected against BOGUS domain records just as expected.
However, looking into dnsmasq's log file, I only see
Apr 28 11:36:13 dnsmasq[440]: 132 192.168.2.209/43506 query[A]
www.dnssec-failed.org from 192.168.2.209
Apr 28 11:36:13 dnsmasq[440]: 132 192.168.2.209/43506 forwarded
www.dnssec-failed.org to 127.0.0.1
The SERVFAIL event is never logged.
Could this be added without too much effort?
Best regards,
Dominik
More information about the Dnsmasq-discuss
mailing list