[Dnsmasq-discuss] BOGUS DNSSEC responses

[László Károlyi]

Hey,

I have a FreeBSD box where jails communicate with dnsmasq outside to
resolve each other's addresses (they get different IPs on
redeployments), and dnsmasq communicates with unbound where it needs to
resolve outside domains.

When running stuff from cron within the jails, sometimes hostnames don't
resolve and I started to investigate on the problem by turning debug log
on with dnsmasq. As it turns out, it complains about domain DNSSEC
errors, where they are properly configured. This happens with my domain
(attached in the logs), and outher domains (github,
updates.spamassassin.org) as well. I'm somewhat clueless as to why it
happens, so please see the log attached, with my own domain,
obsswitcher.com. What happens here is, I've set up a cronjob with curl
to run until it succeeds, that is:

while true; do curl -s 'https://obsswitcher.com/' && break || date; done

Sometimes hostname resolution succeeds at first time, sometimes it takes
200+ tries until it succeeds once, and quits. The attached log is the
one where it happened 200+ times before succeeding.

Any help is appreciated.

Cheers,
--
László Károlyi
http://linkedin.com/in/karolyi

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20200704/0af89c7c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dnslog.zip
Type: application/x-zip-compressed
Size: 5289 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20200704/0af89c7c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20200704/0af89c7c/attachment.sig>