[Dnsmasq-discuss] 2.85: .. cache refresh problems?

Steffen Nurpmeso steffen at sdaoden.eu
Wed Jun 2 23:05:12 UTC 2021

Hello, for your possible interest.

Steffen Nurpmeso wrote in
 <20210424222910.87MHK%steffen at sdaoden.eu>:
 |Steffen Nurpmeso wrote in
 | <20210422212628.eSXGa%steffen at sdaoden.eu>:
 ||Since a few weeks ago i sometimes see mail delivery from a few
 ||domains (most often: mx2.freebsd.org, lesser so netbsd.org,
 ||ietf.org, crux.nu) being blocked by a simple-minded postfix
 ||log parser on my side (that i finally started using some months
 ||ago).  Since i realized what was going on i (1) changed the
 ||upstream DNS server=s of dnsmasq, (2) changed neg-ttl and
 ||increased cache-size to lower impact, finally started verifying
 ||postfix DNS reports which until now avoids blocking precious
 ||upstream servers:
 | ...
 ||What _is_ new on my side is that i have "dnssec" enabled now.

My provider traced the problem and today they said

  [.] der [.] eingesetzte BIND [hat] in der Kombination aus den
  Flags des anfragenden Client [.] und den autoritativen
  Nameservern [.] Probleme [.]

  the used bind has problems in the combination of the flags the
  client uses, and the authoritative servers on the other side.

With a lot of "shall" and "possibly".  Anyhow, they pointed me to
a PowerDNS server now.  (Now i get a lot of errors with the
dnsbl.sorbs.net i use, but whatever ;)

In the meantime i had placed the freebsd domain in /etc/hosts,
most other failing lookups refer to spam domains that i do not
care about.


P.S.: the possibility to make dnsmasq authoritative for IPv6 when
it yet only served IPv4 via an entry in a --dhcp-host file would
be fantastic.  (Or, maybe even better yet, even if it did _not_
yet serve any DHCP related, but a query for a name that has an IP
assigned there, or a name which only has a MAC, i.e., pre-reserve
that IP, maybe?  Thanks for dnsmasq.)

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

More information about the Dnsmasq-discuss mailing list