[Dnsmasq-discuss] TCP queries are refused if upstream server is specified with interface

Normen Kowalewski nbkowalewski at gmx.net
Fri Sep 13 17:28:51 BST 2019

HI There

FWIW, please allow me to share a pointer to the Open Source MacOSX/Windows tool DOX [1] that allows to to send queries via Classic DNS, DoT and DoH.

To check for encrypted DNS in form of DNS-over-TLS from a command line, you might want to use kdig from the knot-dnsutils package [2], it defaults to port 853 in case of +tls being set. 
kdig can of course also check for Classic DNS.

kdig a example.com +tls @ 

I trust that you are likely aware of the classic dig.

BR, Normen

[1] https://github.com/wttw/dox/releases/tag/v0.1.4 <https://github.com/wttw/dox/releases/tag/v0.1.4> 
[2] https://pkgs.org/download/knot-dnsutils <https://pkgs.org/download/knot-dnsutils>

> On 13. Sep 2019, at 15:45, B. Cook <bcook at poughkeepsieschools.org> wrote:
> I can't find the actual documentation at the moment..
> iirc dnsmasq port designation is # not @
> and I think it needs a port, not an interface..
> server=
> but Cloudflare doesn't do unencrypted DNS..
> quad9 does..
> server=
> Not sure if the @ is something new..
> -- 
> This message may contain confidential information and is intended only for 
> the individual(s) named. If you are not an intended recipient you are not 
> authorized to disseminate, distribute or copy this e-mail. Please notify 
> the sender immediately if you have received this e-mail by mistake and 
> delete this e-mail from your system.
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20190913/7e7ebd0d/attachment-0001.html>

More information about the Dnsmasq-discuss mailing list