[Dnsmasq-discuss] Cannot look up disa.mil (dnssec related)
Matthias Andree
matthias.andree at gmx.de
Mon Oct 22 22:34:01 BST 2018
Am 22.10.18 um 18:56 schrieb Craig Andrews:
> I'm unable to look up *.disa.mil when using dnsmasq - I'm hoping that
> we can figure out why that is.
Works for me with dnsmasq 2.80 (release) and a local unbound as upstream:
Unbound:
> $ dig disa.mil @127.0.0.1 +dnssec +short
> 156.112.108.76
> A 8 2 7200 20181117145327 20181018145327 52983 disa.mil.
> dMS5WbQ5xJ0HuCBPZUkuoshf0A2n1tvxA75smhcFZNS5SHSOA0zsQaSc
> YOzNdu5gH6qFXA7TbKhPYN0RcPD+vVcmtfbzv3eJZfh4343IXlBznG6w
> aLaLt+kI6GGnPQ7skNWOcO4yLct+yaeNxTT95CZnHtwRUx3vzGHS3dJF GYc=
Dnsmasq:
> $ dig disa.mil @192.168.33.129 +dnssec +short
> 156.112.108.76
> A 8 2 7200 20181117145327 20181018145327 52983 disa.mil.
> dMS5WbQ5xJ0HuCBPZUkuoshf0A2n1tvxA75smhcFZNS5SHSOA0zsQaSc
> YOzNdu5gH6qFXA7TbKhPYN0RcPD+vVcmtfbzv3eJZfh4343IXlBznG6w
> aLaLt+kI6GGnPQ7skNWOcO4yLct+yaeNxTT95CZnHtwRUx3vzGHS3dJF GYc=
Note however that 1.1.1.1 does NOT return dnssec info, just the bare
address, which may already be the point... use it in dig's @... option
to see the difference to Google's DNS resolver.
HTH,
Matthias
More information about the Dnsmasq-discuss
mailing list