<div dir="ltr"><div class="gmail_default" style="font-family:arial black,sans-serif">Hi, Buck.</div><div class="gmail_default" style="font-family:arial black,sans-serif">Thank you for response.</div><div class="gmail_default" style="font-family:arial black,sans-serif"><br></div><div class="gmail_default" style="font-family:arial black,sans-serif">You are right. it was incorrect.</div><div class="gmail_default" style="font-family:arial black,sans-serif"><br></div><div class="gmail_default" style="font-family:arial black,sans-serif">Have a good day!</div><div class="gmail_default" style="font-family:arial black,sans-serif">-Wooae Park<br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Sun, Jun 22, 2025 at 5:10 PM Buck Horn via Dnsmasq-discuss <<a href="mailto:dnsmasq-discuss@lists.thekelleys.org.uk">dnsmasq-discuss@lists.thekelleys.org.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div>
<div>On 22.06.25 06:18, WJ Park wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default">
<div class="gmail_default">I found https/svcb response is
missing answer. is there anything I could do make this
right?</div>
<div class="gmail_default"><br>
</div>
<div class="gmail_default">```dnsmasq.conf</div>
<div class="gmail_default">domain-needed<br>
bogus-priv<br>
dnssec<br>
dnssec-check-unsigned<br>
filterwin2k<br>
strict-order<br>
no-resolv<br>
no-poll<br>
conf-file=/etc/dnsmasq.d/trust-anchors.conf<br>
server=127.0.0.1<br>
listen-address=127.0.0.1<br>
interface=lo<br>
bind-interfaces<br>
no-hosts<br>
dhcp-range=interface:lo,127.0.0.1,127.0.0.1,12h<br>
dhcp-leasefile=/var/lib/misc/dnsmasq.leases<br>
cache-size=1000<br>
cache-rr=ANY<br>
no-negcache<br>
conf-dir=/etc/dnsmasq.d/,*.conf<br>
strip-mac<br>
strip-subnet<br>
local-service<br>
dns-loop-detect<br>
log-queries<br>
log-dhcp<br>
</div>
<div class="gmail_default">```</div>
</div>
</div>
</blockquote>
<p>I'm going to assume that you've shared your configuration in
full, i.e. there aren't any additional conf files under
/etc/dnsmasq.d/.<br>
</p>
<p>Your configuration doesn't make sense, like using 'strict-order'
when there's only one upstream server, or defining 'dhcp-range'
for just the loopback address.</p>
<p>Your main fault is providing the loopback address as the only
server, thus instructing dnsmasq to forward DNS requests to
itself, closing a DNS loop:</p>
<p>> server=127.0.0.1</p>
<p>Apart from DNS records you may have defined locally, this will
prevent dnsmasq from resolving anything: Your current
configuration will always result in REFUSED replies (not only for
HTTPS or SVCB type requests).</p>
<p>You should point dnsmasq to at least one public DNS resolver,
e.g.</p>
<p>server=1.1.1.1<br>
</p>
<p><br>
</p>
Kind regards,<br>
<p> Buck</p>
<p><br>
</p>
</div>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a><br>
</blockquote></div>