[Dnsmasq-discuss] I have to restart dnsmasq everyday

Johnny Appleseed nbm077 at riseup.net
Sat May 28 18:56:20 BST 2016 

I have to reset dnsmasq everyday because it registers known sites as 
BOGUS.  using dnsmasq , dnssec, dnscrypt-proxy.


May 28 10:51:45 dnsmasq[51]: query[A] wikipedia.org from 127.0.0.1
May 28 10:51:45 dnsmasq[51]: forwarded wikipedia.org to 127.0.0.1
May 28 10:51:45 dnsmasq[51]: dnssec-query[DS] wikipedia.org to 127.0.0.1
May 28 10:51:46 dnsmasq[51]: dnssec-query[DNSKEY] org to 127.0.0.1
May 28 10:51:46 dnsmasq[51]: reply wikipedia.org is 91.198.174.192
May 28 10:51:46 dnsmasq[1078]: query[A] wikipedia.org from 127.0.0.1
May 28 10:51:46 dnsmasq[1078]: forwarded wikipedia.org to 127.0.0.1
May 28 10:51:46 dnsmasq[1078]: dnssec-query[DS] wikipedia.org to 127.0.0.1
May 28 10:51:46 dnsmasq[1078]: validation wikipedia.org is BOGUS
May 28 10:51:46 dnsmasq[1078]: reply wikipedia.org is 91.198.174.192
May 28 10:52:08 dnsmasq[51]: exiting on receipt of SIGTERM
May 28 10:52:08 dnsmasq[1095]: started, version 2.75 cachesize 8192
May 28 10:52:08 dnsmasq[1095]: compile time options: IPv6 GNU-getopt 
no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset 
auth DNSSEC loop-detect no-inotify
May 28 10:52:08 dnsmasq[1095]: DNSSEC validation enabled
May 28 10:52:08 dnsmasq[1095]: setting --bind-interfaces option because 
of OS limitations
May 28 10:52:08 dnsmasq[1095]: using nameserver 127.0.0.1#5355
May 28 10:52:08 dnsmasq[1095]: read /etc/hosts - 3 addresses
May 28 10:52:15 dnsmasq[1095]: query[A] www.gstatic.com from 127.0.0.1
May 28 10:52:15 dnsmasq[1095]: forwarded www.gstatic.com to 127.0.0.1
May 28 10:52:15 dnsmasq[1095]: dnssec-query[DS] com to 127.0.0.1
May 28 10:52:15 dnsmasq[1095]: dnssec-query[DNSKEY] . to 127.0.0.1
May 28 10:52:15 dnsmasq[1095]: query[A] google.com from 127.0.0.1
May 28 10:52:15 dnsmasq[1095]: forwarded google.com to 127.0.0.1
May 28 10:52:15 dnsmasq[1095]: query[A] www.google.com from 127.0.0.1
May 28 10:52:15 dnsmasq[1095]: forwarded www.google.com to 127.0.0.1
May 28 10:52:15 dnsmasq[1095]: query[A] wikipedia.org from 127.0.0.1
May 28 10:52:15 dnsmasq[1095]: forwarded wikipedia.org to 127.0.0.1
May 28 10:52:15 dnsmasq[1095]: reply . is DNSKEY keytag 19036
May 28 10:52:15 dnsmasq[1095]: reply . is DNSKEY keytag 60615
May 28 10:52:15 dnsmasq[1095]: reply com is DS keytag 30909
May 28 10:52:15 dnsmasq[1095]: dnssec-query[DS] gstatic.com to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: dnssec-query[DS] google.com to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: dnssec-query[DS] google.com to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: dnssec-query[DS] org to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: dnssec-query[DNSKEY] com to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: dnssec-query[DNSKEY] com to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: query[A] clients4.google.com from 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: forwarded clients4.google.com to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: dnssec-query[DNSKEY] com to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: reply org is DS keytag 9795
May 28 10:52:16 dnsmasq[1095]: reply org is DS keytag 9795
May 28 10:52:16 dnsmasq[1095]: dnssec-query[DS] wikipedia.org to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: reply com is DNSKEY keytag 34745
May 28 10:52:16 dnsmasq[1095]: reply com is DNSKEY keytag 30909
May 28 10:52:16 dnsmasq[1095]: reply gstatic.com is no DS
May 28 10:52:16 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:16 dnsmasq[1095]: reply www.gstatic.com is 216.58.194.99
May 28 10:52:16 dnsmasq[1095]: reply com is DNSKEY keytag 30909
May 28 10:52:16 dnsmasq[1095]: reply com is DNSKEY keytag 34745
May 28 10:52:16 dnsmasq[1095]: reply google.com is no DS
May 28 10:52:16 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:16 dnsmasq[1095]: reply google.com is 216.58.194.110
May 28 10:52:16 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:16 dnsmasq[1095]: reply clients4.google.com is <CNAME>
May 28 10:52:16 dnsmasq[1095]: reply clients.l.google.com is 216.58.194.110
May 28 10:52:16 dnsmasq[1095]: reply com is DNSKEY keytag 34745
May 28 10:52:16 dnsmasq[1095]: reply com is DNSKEY keytag 30909
May 28 10:52:16 dnsmasq[1095]: reply google.com is no DS
May 28 10:52:16 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:16 dnsmasq[1095]: reply www.google.com is 172.217.16.196
May 28 10:52:16 dnsmasq[1095]: dnssec-query[DNSKEY] org to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: query[A] apis.google.com from 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: forwarded apis.google.com to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: query[A] clients1.google.ca from 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: forwarded clients1.google.ca to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: query[A] encrypted-tbn0.gstatic.com from 
127.0.0.1
May 28 10:52:16 dnsmasq[1095]: forwarded encrypted-tbn0.gstatic.com to 
127.0.0.1
May 28 10:52:16 dnsmasq[1095]: query[A] encrypted-tbn1.gstatic.com from 
127.0.0.1
May 28 10:52:16 dnsmasq[1095]: forwarded encrypted-tbn1.gstatic.com to 
127.0.0.1
May 28 10:52:16 dnsmasq[1095]: query[A] plus.google.com from 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: forwarded plus.google.com to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: reply org is DNSKEY keytag 12510
May 28 10:52:16 dnsmasq[1095]: reply org is DNSKEY keytag 52860
May 28 10:52:16 dnsmasq[1095]: reply org is DNSKEY keytag 9795
May 28 10:52:16 dnsmasq[1095]: reply org is DNSKEY keytag 17883
May 28 10:52:16 dnsmasq[1095]: reply wikipedia.org is no DS
May 28 10:52:16 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:16 dnsmasq[1095]: reply wikipedia.org is 91.198.174.192
May 28 10:52:16 dnsmasq[1095]: query[A] wikipedia.org from 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: cached wikipedia.org is 91.198.174.192
May 28 10:52:16 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:16 dnsmasq[1095]: reply apis.google.com is <CNAME>
May 28 10:52:16 dnsmasq[1095]: reply plus.l.google.com is 216.58.194.110
May 28 10:52:16 dnsmasq[1095]: query[A] encrypted-tbn3.gstatic.com from 
127.0.0.1
May 28 10:52:16 dnsmasq[1095]: forwarded encrypted-tbn3.gstatic.com to 
127.0.0.1
May 28 10:52:16 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:16 dnsmasq[1095]: reply encrypted-tbn0.gstatic.com is 
216.58.194.110
May 28 10:52:16 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:16 dnsmasq[1095]: reply encrypted-tbn1.gstatic.com is 
216.58.194.110
May 28 10:52:16 dnsmasq[1095]: query[A] lh3.googleusercontent.com from 
127.0.0.1
May 28 10:52:16 dnsmasq[1095]: forwarded lh3.googleusercontent.com to 
127.0.0.1
May 28 10:52:16 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:16 dnsmasq[1095]: reply plus.google.com is 216.58.194.110
May 28 10:52:16 dnsmasq[1095]: dnssec-query[DS] ca to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: query[A] www.google-analytics.com from 
127.0.0.1
May 28 10:52:16 dnsmasq[1095]: forwarded www.google-analytics.com to 
127.0.0.1
May 28 10:52:16 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:16 dnsmasq[1095]: reply encrypted-tbn3.gstatic.com is 
216.58.194.110
May 28 10:52:16 dnsmasq[1095]: query[A] play.google.com from 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: forwarded play.google.com to 127.0.0.1
May 28 10:52:16 dnsmasq[1095]: dnssec-query[DS] googleusercontent.com to 
127.0.0.1
May 28 10:52:17 dnsmasq[1095]: reply ca is DS keytag 35519
May 28 10:52:17 dnsmasq[1095]: dnssec-query[DS] google.ca to 127.0.0.1
May 28 10:52:17 dnsmasq[1095]: dnssec-query[DS] google-analytics.com to 
127.0.0.1
May 28 10:52:17 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:17 dnsmasq[1095]: reply play.google.com is <CNAME>
May 28 10:52:17 dnsmasq[1095]: reply play.l.google.com is 216.58.194.110
May 28 10:52:17 dnsmasq[1095]: query[A] www.wikipedia.org from 127.0.0.1
May 28 10:52:17 dnsmasq[1095]: forwarded www.wikipedia.org to 127.0.0.1
May 28 10:52:17 dnsmasq[1095]: reply googleusercontent.com is no DS
May 28 10:52:17 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:17 dnsmasq[1095]: reply lh3.googleusercontent.com is <CNAME>
May 28 10:52:17 dnsmasq[1095]: reply 
googlehosted.l.googleusercontent.com is 216.58.194.97
May 28 10:52:17 dnsmasq[1095]: dnssec-query[DNSKEY] ca to 127.0.0.1
May 28 10:52:17 dnsmasq[1095]: reply google-analytics.com is no DS
May 28 10:52:17 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:17 dnsmasq[1095]: reply www.google-analytics.com is <CNAME>
May 28 10:52:17 dnsmasq[1095]: reply www-google-analytics.l.google.com 
is 216.58.194.110
May 28 10:52:17 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:17 dnsmasq[1095]: reply www.wikipedia.org is 91.198.174.192
May 28 10:52:17 dnsmasq[1095]: reply ca is DNSKEY keytag 35519
May 28 10:52:17 dnsmasq[1095]: reply ca is DNSKEY keytag 54385
May 28 10:52:17 dnsmasq[1095]: reply google.ca is no DS
May 28 10:52:17 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:17 dnsmasq[1095]: reply clients1.google.ca is <CNAME>
May 28 10:52:17 dnsmasq[1095]: reply clients-cctld.l.google.com is 
216.58.194.99
May 28 10:52:29 dnsmasq[1095]: query[A] docs.google.com from 127.0.0.1
May 28 10:52:29 dnsmasq[1095]: forwarded docs.google.com to 127.0.0.1
May 28 10:52:30 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:30 dnsmasq[1095]: reply docs.google.com is 216.58.194.110
May 28 10:52:30 dnsmasq[1095]: query[A] drive.google.com from 127.0.0.1
May 28 10:52:30 dnsmasq[1095]: forwarded drive.google.com to 127.0.0.1
May 28 10:52:30 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:30 dnsmasq[1095]: reply drive.google.com is 216.58.194.110
May 28 10:52:31 dnsmasq[1095]: query[A] csi.gstatic.com from 127.0.0.1
May 28 10:52:31 dnsmasq[1095]: forwarded csi.gstatic.com to 127.0.0.1
May 28 10:52:31 dnsmasq[1095]: query[A] fonts.gstatic.com from 127.0.0.1
May 28 10:52:31 dnsmasq[1095]: forwarded fonts.gstatic.com to 127.0.0.1
May 28 10:52:31 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:31 dnsmasq[1095]: reply csi.gstatic.com is 216.58.210.3
May 28 10:52:31 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:31 dnsmasq[1095]: reply fonts.gstatic.com is <CNAME>
May 28 10:52:31 dnsmasq[1095]: reply gstaticadssl.l.google.com is 
216.58.194.99
May 28 10:52:47 dnsmasq[1095]: query[A] clients1.google.com from 127.0.0.1
May 28 10:52:47 dnsmasq[1095]: forwarded clients1.google.com to 127.0.0.1
May 28 10:52:47 dnsmasq[1095]: validation result is INSECURE
May 28 10:52:47 dnsmasq[1095]: reply clients1.google.com is <CNAME>
May 28 10:52:47 dnsmasq[1095]: reply clients.l.google.com is 216.58.194.110
May 28 10:53:07 dnsmasq[1095]: query[AAAA] api.facebook.com from 127.0.0.1
May 28 10:53:07 dnsmasq[1095]: forwarded api.facebook.com to 127.0.0.1
May 28 10:53:07 dnsmasq[1095]: query[A] api.facebook.com from 127.0.0.1
May 28 10:53:07 dnsmasq[1095]: forwarded api.facebook.com to 127.0.0.1
May 28 10:53:07 dnsmasq[1095]: dnssec-query[DS] facebook.com to 127.0.0.1
May 28 10:53:07 dnsmasq[1095]: dnssec-query[DS] facebook.com to 127.0.0.1
May 28 10:53:07 dnsmasq[1095]: reply facebook.com is no DS
May 28 10:53:07 dnsmasq[1095]: validation result is INSECURE
May 28 10:53:07 dnsmasq[1095]: reply api.facebook.com is <CNAME>
May 28 10:53:07 dnsmasq[1095]: reply star.c10r.facebook.com is 
2a03:2880:f00a:8:face:b00c::2
May 28 10:53:07 dnsmasq[1095]: reply facebook.com is no DS
May 28 10:53:07 dnsmasq[1095]: validation result is INSECURE
May 28 10:53:07 dnsmasq[1095]: reply api.facebook.com is <CNAME>
May 28 10:53:07 dnsmasq[1095]: reply star.c10r.facebook.com is 31.13.72.8
May 28 10:53:07 dnsmasq[1095]: query[A] star.c10r.facebook.com from 
127.0.0.1
May 28 10:53:07 dnsmasq[1095]: cached star.c10r.facebook.com is 31.13.72.8
May 28 10:53:09 dnsmasq[1095]: query[AAAA] caldav.calendar.yahoo.com 
from 127.0.0.1
May 28 10:53:09 dnsmasq[1095]: forwarded caldav.calendar.yahoo.com to 
127.0.0.1
May 28 10:53:09 dnsmasq[1095]: query[A] caldav.calendar.yahoo.com from 
127.0.0.1
May 28 10:53:09 dnsmasq[1095]: forwarded caldav.calendar.yahoo.com to 
127.0.0.1
May 28 10:53:09 dnsmasq[1095]: dnssec-query[DS] yahoo.com to 127.0.0.1
May 28 10:53:09 dnsmasq[1095]: dnssec-query[DS] yahoo.com to 127.0.0.1
May 28 10:53:09 dnsmasq[1095]: reply yahoo.com is no DS
May 28 10:53:09 dnsmasq[1095]: validation result is INSECURE
May 28 10:53:09 dnsmasq[1095]: reply caldav.calendar.yahoo.com is <CNAME>
May 28 10:53:09 dnsmasq[1095]: reply calgate01.a02.yahoodns.net is 
NODATA-IPv6
May 28 10:53:09 dnsmasq[1095]: query[AAAA] calgate01.a02.yahoodns.net 
from 127.0.0.1
May 28 10:53:09 dnsmasq[1095]: cached calgate01.a02.yahoodns.net is 
NODATA-IPv6
May 28 10:53:09 dnsmasq[1095]: query[A] calgate01.a02.yahoodns.net from 
127.0.0.1
May 28 10:53:09 dnsmasq[1095]: forwarded calgate01.a02.yahoodns.net to 
127.0.0.1
May 28 10:53:09 dnsmasq[1095]: reply yahoo.com is no DS
May 28 10:53:09 dnsmasq[1095]: validation result is INSECURE
May 28 10:53:09 dnsmasq[1095]: reply caldav.calendar.yahoo.com is <CNAME>
May 28 10:53:09 dnsmasq[1095]: reply calgate01.a02.yahoodns.net is 
72.30.235.6
May 28 10:53:09 dnsmasq[1095]: reply calgate01.a02.yahoodns.net is 
98.138.73.131
May 28 10:53:09 dnsmasq[1095]: dnssec-query[DS] net to 127.0.0.1
May 28 10:53:09 dnsmasq[1095]: reply net is DS keytag 35886
May 28 10:53:09 dnsmasq[1095]: dnssec-query[DS] yahoodns.net to 127.0.0.1
May 28 10:53:10 dnsmasq[1095]: dnssec-query[DNSKEY] net to 127.0.0.1
May 28 10:53:10 dnsmasq[1095]: reply net is DNSKEY keytag 35886
May 28 10:53:10 dnsmasq[1095]: reply net is DNSKEY keytag 50762
May 28 10:53:10 dnsmasq[1095]: reply yahoodns.net is no DS
May 28 10:53:10 dnsmasq[1095]: validation result is INSECURE
May 28 10:53:10 dnsmasq[1095]: reply calgate01.a02.yahoodns.net is 
98.138.73.131
May 28 10:53:10 dnsmasq[1095]: reply calgate01.a02.yahoodns.net is 
72.30.235.6
May 28 10:53:17 dnsmasq[1095]: query[AAAA] www3.l.google.com from 127.0.0.1
May 28 10:53:17 dnsmasq[1095]: forwarded www3.l.google.com to 127.0.0.1
May 28 10:53:17 dnsmasq[1095]: query[A] www3.l.google.com from 127.0.0.1
May 28 10:53:17 dnsmasq[1095]: forwarded www3.l.google.com to 127.0.0.1
May 28 10:53:17 dnsmasq[1095]: validation result is INSECURE
May 28 10:53:17 dnsmasq[1095]: reply www3.l.google.com is 
2607:f8b0:4000:80c::200e
May 28 10:53:17 dnsmasq[1095]: validation result is INSECURE
May 28 10:53:17 dnsmasq[1095]: reply www3.l.google.com is 216.58.194.110
May 28 10:53:18 dnsmasq[1095]: query[A] clients2.google.com from 127.0.0.1
May 28 10:53:18 dnsmasq[1095]: forwarded clients2.google.com to 127.0.0.1
May 28 10:53:18 dnsmasq[1095]: validation result is INSECURE
May 28 10:53:18 dnsmasq[1095]: reply clients2.google.com is <CNAME>
May 28 10:53:18 dnsmasq[1095]: reply clients.l.google.com is 216.58.194.110
May 28 10:53:18 dnsmasq[1095]: query[A] clients2.google.com from 127.0.0.1
May 28 10:53:18 dnsmasq[1095]: cached clients2.google.com is <CNAME>
May 28 10:53:18 dnsmasq[1095]: cached clients.l.google.com is 216.58.194.110
May 28 10:53:19 dnsmasq[1095]: query[A] www.gstatic.com from 127.0.0.1
May 28 10:53:19 dnsmasq[1095]: forwarded www.gstatic.com to 127.0.0.1
May 28 10:53:19 dnsmasq[1095]: validation result is INSECURE
May 28 10:53:19 dnsmasq[1095]: reply www.gstatic.com is 216.58.194.99
May 28 10:53:19 dnsmasq[1095]: query[A] www.gstatic.com from 127.0.0.1
May 28 10:53:19 dnsmasq[1095]: cached www.gstatic.com is 216.58.194.99
May 28 10:55:32 dnsmasq[1095]: query[A] www.wikipedia.org from 127.0.0.1
May 28 10:55:32 dnsmasq[1095]: forwarded www.wikipedia.org to 127.0.0.1
May 28 10:55:32 dnsmasq[1095]: validation result is INSECURE
May 28 10:55:32 dnsmasq[1095]: reply www.wikipedia.org is 91.198.174.192
May 28 10:55:35 dnsmasq[1095]: query[A] en.wikipedia.org from 127.0.0.1
May 28 10:55:35 dnsmasq[1095]: forwarded en.wikipedia.org to 127.0.0.1
May 28 10:55:35 dnsmasq[1095]: validation result is INSECURE
May 28 10:55:35 dnsmasq[1095]: reply en.wikipedia.org is 91.198.174.192
May 28 10:55:35 dnsmasq[1095]: query[A] meta.wikimedia.org from 127.0.0.1
May 28 10:55:35 dnsmasq[1095]: forwarded meta.wikimedia.org to 127.0.0.1
May 28 10:55:35 dnsmasq[1095]: query[A] upload.wikimedia.org from 127.0.0.1
May 28 10:55:35 dnsmasq[1095]: forwarded upload.wikimedia.org to 127.0.0.1
May 28 10:55:35 dnsmasq[1095]: dnssec-query[DS] wikimedia.org to 127.0.0.1
May 28 10:55:36 dnsmasq[1095]: dnssec-query[DS] wikimedia.org to 127.0.0.1

--------------heres my config----------------

  Forward queries to dnscrypt on localhost
server=127.0.0.1#5355

#forward to normal
#server=10.25.0.1

# Never forward plain names
domain-needed

# Examples of blocking TLDs or subdomains
address=/.onion/0.0.0.0
address=/.lmlicenses.wip4.adobe.com/0.0.0.0
address=/.lm.licenses.adobe.com/0.0.0.0
address=/.na1r.services.adobe.com/0.0.0.0
address=/.hlrcv.stage.adobe.com/0.0.0.0
address=/.practivate.adobe.com/0.0.0.0
address=/.activate.adobe.com/0.0.0.0

#address=/.local/0.0.0.0
#address=/.facebook.com/0.0.0.0

# Never forward addresses in the non-routed address spaces
bogus-priv

# Reject private addresses from upstream nameservers
stop-dns-rebind

# Query servers in order
strict-order

# Set the size of the cache
# The default is to keep 150 hostnames
cache-size=8192

# Optional logging directives
log-async
log-dhcp
log-queries
log-facility=/var/log/dnsmasq.log

# DNSSEC options
dnssec
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
dnssec-check-unsigned

# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no-resolv

#trust your upstream server's DNSSEC since it traveling over a secure 
dnscrypt-proxy connection.
proxy-dnssec

More information about the Dnsmasq-discuss mailing list