[Dnsmasq-discuss] Reverse lookups stopped working with DNSSEC enabled
Geert Stappers
stappers at stappers.nl
Fri Apr 11 16:13:08 UTC 2025
On Fri, Apr 11, 2025 at 03:59:30PM +0200, Opty wrote:
> Hello,
>
> using dnsmasq 2.90 on Slackware 15.0 (32-bit), about a week ago
> reverse lookups suddenly stopped working with DNSSEC enabled:
>
> opty at vodopnik:~$ host 158.194.80.13
> ;; Truncated, retrying in TCP mode.
> ;; communications error to 127.0.0.1#53: timed out
> ;; communications error to 127.0.0.1#53: timed out
> ;; no servers could be reached
>
> I upgraded to 2.91, which didn't help much; only the truncation message
> went away. So I tried commenting out edns-packet-max=1232, then enabling
> dnssec-check-unsigned, but that didn't help either.
>
> Finally, I upgraded to 2.92test2 but still no joy.
>
> Currently working /etc/dnsmasq.conf:
>
> domain-needed
> bogus-priv
> conf-file=/usr/share/dnsmasq/trust-anchors.conf
> no-resolv
> server=9.9.9.9
> server=149.112.112.112
> listen-address=127.0.0.1,192.168.1.254,10.0.5.1
> no-dhcp-interface=127.0.0.1,192.168.1.254
> bind-interfaces
> dhcp-range=10.0.5.100,10.0.5.249,12h
> dhcp-host=rr:ee:dd:aa:cc:tt,10.0.5.128
> dhcp-option=option:ntp-server,10.0.5.1
> dhcp-option=option:dns-server,10.0.5.1
> edns-packet-max=1232
>
> I suspect my ISP of some change, and if you are interested I would
> appreciate some guidance on debugging this, preferably
> non-interruptive.

On the dnsmasq side: enable query logging.
On the "client side", for example: `host 158.194.80.13 192.168.1.254`,
that is, to force `host` to use dnsmasq (address taken from the above config).
Forcing a DNS server rules out that "/etc/resolv.conf magic" is being
used.

Groeten
Geert Stappers
--
Silence is hard to parse
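
Added example, not part of the original thread: with `log-queries=extra` in dnsmasq.conf each log line carries a serial number tying it to one client query, so the forced `host 158.194.80.13 192.168.1.254` lookup can be followed to the stage where it stops. The log lines, their exact wording and the `194.158.in-addr.arpa` zone cut are constructed assumptions; `group_by_serial`, `stage` and `diagnose` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed lines in the shape dnsmasq logs with log-queries=extra
# (serial number and requester first); exact wording is an assumption.
SAMPLE_LOG = """\
dnsmasq[812]: 41 192.168.1.254/40312 query[PTR] 13.80.194.158.in-addr.arpa from 192.168.1.254
dnsmasq[812]: 41 192.168.1.254/40312 forwarded 13.80.194.158.in-addr.arpa to 9.9.9.9
dnsmasq[812]: 41 192.168.1.254/40312 dnssec-query[DS] 194.158.in-addr.arpa to 9.9.9.9
dnsmasq[812]: 42 192.168.1.254/51877 query[A] example.org from 192.168.1.254
dnsmasq[812]: 42 192.168.1.254/51877 validation result is SECURE
"""

LINE = re.compile(r"dnsmasq\[\d+\]: (\d+) \S+ (\S.*)$")

def group_by_serial(log_text):
    """Map each query serial number to its ordered list of log events."""
    events = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            events.setdefault(int(m.group(1)), []).append(m.group(2))
    return events

def stage(events):
    """Name the last stage a single query reached."""
    pending = None
    for e in events:
        w = e.split()
        if w[0].startswith("dnssec-query["):
            pending = w[1]              # DS/DNSKEY requested upstream
        elif w[0] == "reply" and w[1] == pending:
            pending = None              # that record came back
        elif e.startswith("validation result is"):
            return "validated: " + w[-1]
    if pending:
        return "stalled waiting for DNSSEC record of " + pending
    if any(e.startswith("forwarded ") for e in events):
        return "forwarded, no reply logged"
    return "not forwarded"

def diagnose(ip, log_text):
    """Return {serial: stage} for every logged PTR query about ip."""
    qname = ipaddress.ip_address(ip).reverse_pointer
    return {s: stage(ev) for s, ev in group_by_serial(log_text).items()
            if ev[0].startswith("query[PTR] " + qname + " ")}

if __name__ == "__main__":
    print(diagnose("158.194.80.13", SAMPLE_LOG))
```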