[Dnsmasq-discuss] issues resolving a DNSSEC domain with dnsmasq 2.76
Jelle de Jong
jelledejong at powercraft.nl
Fri Mar 19 12:50:49 UTC 2021
Hello everybody,
I am having an issue resolving the MX record of a domain using DNSSEC.
However, I cannot find anything wrong with this domain on DNSSEC test
sites, but dnsmasq goes into a loop until the dig tool times out.
The dnssec test on the goededoelennederland.nl domain:
https://dnsviz.net/d/goededoelennederland.nl/dnssec/
The dnsmasq loop logs (a few pages full):
Mar 19 13:37:18 firewall01 dnsmasq[26888]: reply goededoelennederland.nl is DNSKEY keytag 44143, algo 13
Mar 19 13:37:18 firewall01 dnsmasq[26888]: dnssec-query[DNSKEY] goededoelennederland.nl to 208.67.220.220
Mar 19 13:37:18 firewall01 dnsmasq[26888]: reply goededoelennederland.nl is DNSKEY keytag 44143, algo 13
Mar 19 13:37:18 firewall01 dnsmasq[26888]: dnssec-query[DNSKEY] goededoelennederland.nl to 208.67.220.220
The dnsmasq config:
dnssec
conf-file=/usr/share/dnsmasq-base/trust-anchors.conf
If I disable the dnsmasq option it all works:
# dnsmasq --version
Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
# dig MX goededoelennederland.nl @localhost
; <<>> DiG 9.10.3-P4-Debian <<>> MX goededoelennederland.nl @localhost
;; global options: +cmd
;; connection timed out; no servers could be reached
# dig MX goededoelennederland.nl @208.67.222.222 | grep -v ";"
goededoelennederland.nl. 0 IN MX 0 goededoelennederland-nl.mail.protection.outlook.com.
I could reproduce this issue on multiple dnsmasq servers.
Could someone knowledgeable do a quick dig MX goededoelennederland.nl
and see what goes wrong?
Kind regards,
Jelle de Jong
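
An added example, not part of the original post: a Python check that flags the symptom shown in the logs above, the same dnssec-query for one name sent repeatedly to the same upstream. The function name, the threshold and the example.org lines are assumptions; the sample log is constructed from the lines quoted in the post.

```python
import re
from collections import Counter

# Matches a dnsmasq DNSSEC helper query as logged with log-queries enabled, e.g.
# "Mar 19 13:37:18 host dnsmasq[26888]: dnssec-query[DNSKEY] name to 208.67.220.220"
QUERY_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d \S+ dnsmasq\[(?P<pid>\d+)\]: "
    r"dnssec-query\[(?P<rrtype>DNSKEY|DS)\] (?P<name>\S+) to (?P<upstream>\S+)$"
)

# Constructed sample: three looping DNSKEY queries modelled on the post,
# followed by two ordinary single queries for example.org (invented lines).
SAMPLE_LOG = """\
Mar 19 13:37:18 firewall01 dnsmasq[26888]: dnssec-query[DNSKEY] goededoelennederland.nl to 208.67.220.220
Mar 19 13:37:18 firewall01 dnsmasq[26888]: reply goededoelennederland.nl is DNSKEY keytag 44143, algo 13
Mar 19 13:37:18 firewall01 dnsmasq[26888]: dnssec-query[DNSKEY] goededoelennederland.nl to 208.67.220.220
Mar 19 13:37:18 firewall01 dnsmasq[26888]: reply goededoelennederland.nl is DNSKEY keytag 44143, algo 13
Mar 19 13:37:18 firewall01 dnsmasq[26888]: dnssec-query[DNSKEY] goededoelennederland.nl to 208.67.220.220
Mar 19 13:37:19 firewall01 dnsmasq[26888]: dnssec-query[DS] example.org to 208.67.220.220
Mar 19 13:37:19 firewall01 dnsmasq[26888]: dnssec-query[DNSKEY] example.org to 208.67.220.220
"""


def find_validation_loops(log_text, threshold=3):
    """Return {(minute, pid, rrtype, name, upstream): count} for identical
    DNSSEC helper queries seen at least `threshold` times within one minute.

    The threshold is an assumed heuristic: a validator that caches the
    answer should not need the same DNSKEY/DS record again moments later.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if m:
            counts[m.group("minute", "pid", "rrtype", "name", "upstream")] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for key, n in find_validation_loops(SAMPLE_LOG).items():
        minute, pid, rrtype, name, upstream = key
        print(f"{minute} pid {pid}: {n}x {rrtype} {name} -> {upstream}")
```
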