[Dnsmasq-discuss] proper https/svcb configurations?
WJ Park
nikescar at gmail.com
Mon Jun 23 01:04:15 UTC 2025
Hi, Buck.
Thank you for response.
You are right. it was incorrect.
Have a good day!
-Wooae Park
On Sun, Jun 22, 2025 at 5:10 PM Buck Horn via Dnsmasq-discuss <
dnsmasq-discuss at lists.thekelleys.org.uk> wrote:
> On 22.06.25 06:18, WJ Park wrote:
>
> I found https/svcb response is missing answer. is there anything I could
> do make this right?
>
> ```dnsmasq.conf
> domain-needed
> bogus-priv
> dnssec
> dnssec-check-unsigned
> filterwin2k
> strict-order
> no-resolv
> no-poll
> conf-file=/etc/dnsmasq.d/trust-anchors.conf
> server=127.0.0.1
> listen-address=127.0.0.1
> interface=lo
> bind-interfaces
> no-hosts
> dhcp-range=interface:lo,127.0.0.1,127.0.0.1,12h
> dhcp-leasefile=/var/lib/misc/dnsmasq.leases
> cache-size=1000
> cache-rr=ANY
> no-negcache
> conf-dir=/etc/dnsmasq.d/,*.conf
> strip-mac
> strip-subnet
> local-service
> dns-loop-detect
> log-queries
> log-dhcp
> ```
>
> I'm going to assume that you've shared your configuration in full, i.e.
> there aren't any additional conf files under /etc/dnsmasq.d/.
>
> Your configuration doesn't make sense, like using 'strict-order' when
> there's only one upstream server, or defining 'dhcp-range' for just the
> loopback address.
>
> Your main fault is providing the loopback address as the only server, thus
> instructing dnsmasq to forward DNS requests to itself, closing a DNS loop:
>
> > server=127.0.0.1
>
> Apart from DNS records you may have defined locally, this will prevent
> dnsmasq from resolving anything: Your current configuration will always
> result in REFUSED replies (not only for HTTPS or SVCB type requests).
>
> You should point dnsmasq to at least one public DNS resolver, e.g.
>
> server=1.1.1.1
>
>
> Kind regards,
>
> Buck
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20250623/4013062e/attachment.htm>
More information about the Dnsmasq-discuss
mailing list