[Dnsmasq-discuss] DNSSEC and all-servers

tobias+dnsmasq at trds.de tobias+dnsmasq at trds.de
Thu Oct 7 09:59:44 UTC 2021


Hi,

when "dnssec" and "all-servers" are set, according to the log it seems
queries are usually forwarded to all upstream servers as expected, but
the internal "dnssec-query"s are not, they are only sent to one, which
is unexpected with "all-servers". (They are also not balanced but more
like 16:1 sent to the first upstream server, which is usually the faster
one, I assume that's why?)

Another issue, probably not related to "all-servers", and maybe not even
DNSSEC: When there's an A query followed by an AAAA query, the log shows
two identical consecutive internal DS/DNSKEY queries (to the same
upstream, verified via upstream log), isn't that unnecessary/excessive?

Thanks!

Tobias



More information about the Dnsmasq-discuss mailing list