<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix">On 22.06.25 06:18, WJ Park wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAOVBd0Fu1GTise1TH1Do9soGXvEiRtuXj8PSac3pyEoYGwjRQg@mail.gmail.com">
      <div dir="ltr">
        <div class="gmail_default">
          <div class="gmail_default">I found the https/svcb response is
            missing an answer. Is there anything I could do to make this
            right?</div>
          <div class="gmail_default"><br>
          </div>
          <div class="gmail_default">```dnsmasq.conf</div>
          <div class="gmail_default">domain-needed<br>
            bogus-priv<br>
            dnssec<br>
            dnssec-check-unsigned<br>
            filterwin2k<br>
            strict-order<br>
            no-resolv<br>
            no-poll<br>
            conf-file=/etc/dnsmasq.d/trust-anchors.conf<br>
            server=127.0.0.1<br>
            listen-address=127.0.0.1<br>
            interface=lo<br>
            bind-interfaces<br>
            no-hosts<br>
            dhcp-range=interface:lo,127.0.0.1,127.0.0.1,12h<br>
            dhcp-leasefile=/var/lib/misc/dnsmasq.leases<br>
            cache-size=1000<br>
            cache-rr=ANY<br>
            no-negcache<br>
            conf-dir=/etc/dnsmasq.d/,*.conf<br>
            strip-mac<br>
            strip-subnet<br>
            local-service<br>
            dns-loop-detect<br>
            log-queries<br>
            log-dhcp<br>
          </div>
          <div class="gmail_default">```</div>
        </div>
      </div>
    </blockquote>
    <p>I'm going to assume that you've shared your configuration in
      full, i.e. there aren't any additional conf files under
      /etc/dnsmasq.d/.<br>
    </p>
    <p>Your configuration doesn't make sense, like using 'strict-order'
      when there's only one upstream server, or defining 'dhcp-range'
      for just the loopback address.</p>
    <p>Your main fault is providing the loopback address as the only
      server, thus instructing dnsmasq to forward DNS requests to
      itself, closing a DNS loop:</p>
    <p>> server=127.0.0.1</p>
    <p>Apart from DNS records you may have defined locally, this will
      prevent dnsmasq from resolving anything: Your current
      configuration will always result in REFUSED replies (not only for
      HTTPS or SVCB type requests).</p>
    <p>You should point dnsmasq to at least one public DNS resolver,
      e.g.</p>
    <p>server=1.1.1.1<br>
    </p>
    <p><br>
    </p>
    Kind regards,<br>
    <p>    Buck</p>
    <p><br>
    </p>
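    <p>A check for the self-forwarding loop described in this reply, as
      an added example that is not part of the original message and not
      dnsmasq's own code. The function names, the constructed sample
      (the forwarding-related lines of the quoted configuration) and the
      rule that a loopback or listen-address upstream on dnsmasq's own
      port counts as a loop are assumptions of this example.</p>

```python
import ipaddress

# Constructed sample: the forwarding-related lines of the configuration quoted above.
SAMPLE_CONF = """\
strict-order
no-resolv
server=127.0.0.1
listen-address=127.0.0.1
"""

def parse_conf(text):
    """Return (key, value) pairs; whole-line '#' comments are skipped."""
    pairs = []
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs

def upstream_target(value):
    """Parse a server= value of the form [/domain/]ip[#port][@source] into (ip, port)."""
    addr, _, port = value.rsplit("/", 1)[-1].split("@", 1)[0].partition("#")
    try:
        return ipaddress.ip_address(addr), int(port or 53)
    except ValueError:
        return None  # no usable address, e.g. server=/example.test/

def lint(text):
    """Heuristic (assumption of this example): same port + loopback/listen address = loop."""
    conf = parse_conf(text)
    own_port = int(next((v for k, v in conf if k == "port"), 53))
    listen = {ipaddress.ip_address(a.strip())
              for k, v in conf if k == "listen-address" for a in v.split(",")}
    servers = [v for k, v in conf if k == "server"]
    no_resolv = any(k == "no-resolv" for k, _ in conf)
    findings, usable = [], 0
    for value in servers:
        target = upstream_target(value)
        if target is None:
            continue
        ip, port = target
        if port == own_port and (ip in listen or ip.is_loopback):
            findings.append(f"server={value}: forwards to dnsmasq itself (DNS loop)")
        else:
            usable += 1
    if no_resolv and usable == 0:
        findings.append("no-resolv set and no usable upstream server")
    if no_resolv and len(servers) == 1 and any(k == "strict-order" for k, _ in conf):
        findings.append("strict-order is pointless with only one upstream server")
    return findings
```

    <p>A loopback upstream on a different port (for example a local
      validating resolver reached as 127.0.0.1#5353) is not flagged,
      because it does not point back at dnsmasq's own listener.</p>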
  </body>
</html>