[Dnsmasq-discuss] When HTTPS is added to rr-types of --cache-rr and --nonegcache is active non-HTTPS responses to HTTPS queries are not cached
Jay Guerette
jayguerette at gmail.com
Wed Jul 9 04:19:35 UTC 2025
Running dnsmasq 2.90 on Fedora 42.
To reproduce:
- verify caching is active and working
- add cache-rr=HTTPS to your conf
- verify no-negcache is NOT active in your conf
- reload or restart dnsmasq
- do _two_ digs for ietf.org: dig -t HTTPS @127.0.0.1 www.ietf.org
- verify the 2nd IN HTTPS response is served from cache
- do _two_ digs to example.com: dig -t HTTPS @127.0.0.1 www.example.com
- verify the 2nd IN CNAME response is served from cache
- enable no-negcache in your conf
- reload or restart dnsmasq
- do _two_ digs for ietf.org: dig -t HTTPS @127.0.0.1 www.ietf.org
- verify the 2nd IN HTTPS response is served from cache
- do _two_ digs to example.com: dig -t HTTPS @127.0.0.1 www.example.com
- observe the 2nd IN CNAME response is *NOT* served from cache
Firefox is requesting an HTTPS record for every host name and almost all
return IN CNAME instead of IN HTTPS so almost none are cached.
I don't think that a CNAME response to an HTTPS request is a negative
response and expect that it would be cached.
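
An added example, not part of the original post: one way to do the "served from cache" checks in the steps above, by classifying each HTTPS query in the dnsmasq log as a cache hit or a forwarded miss. It assumes `log-queries` is enabled in its plain (non-`extra`) form, where each query line is followed by a `forwarded` or `cached` line for the same name; the function names and the sample log (timestamps, PID, upstream address, reply lines) are constructed for illustration.

```shell
#!/bin/sh
# Classify dnsmasq HTTPS queries as cache hits or misses from log-queries output.
# Assumption: plain "log-queries" lines of the form
#   ... query[HTTPS] <name> from <client>
#   ... forwarded <name> to <upstream>     (answer fetched upstream: miss)
#   ... cached <name> is <data>            (answer served from cache: hit)
# Limitation: plain log-queries does not tie a forwarded/cached line to a
# query type, so run this with no other query types in flight for the name.

# Reads log lines on stdin, prints "<name> <nth HTTPS query> hit|miss".
classify_https_queries() {
  awk '
    {
      for (i = 1; i < NF; i++) {
        name = $(i + 1)
        if ($i == "query[HTTPS]") {        # a new HTTPS query for this name
          n[name]++; pend[name] = 1; break
        }
        if (pend[name] && ($i == "forwarded" || $i == "cached")) {
          printf "%s %d %s\n", name, n[name], ($i == "cached" ? "hit" : "miss")
          pend[name] = 0; break
        }
      }
    }'
}

# Constructed sample: the pattern reported with no-negcache enabled.
# www.ietf.org (HTTPS answer) is cached on the 2nd query;
# www.example.com (CNAME answer) is forwarded again on the 2nd query.
sample_log() {
  cat <<'EOF'
Jul  9 04:10:01 dnsmasq[1234]: query[HTTPS] www.ietf.org from 127.0.0.1
Jul  9 04:10:01 dnsmasq[1234]: forwarded www.ietf.org to 192.0.2.53
Jul  9 04:10:01 dnsmasq[1234]: reply www.ietf.org is <HTTPS>
Jul  9 04:10:03 dnsmasq[1234]: query[HTTPS] www.ietf.org from 127.0.0.1
Jul  9 04:10:03 dnsmasq[1234]: cached www.ietf.org is <HTTPS>
Jul  9 04:10:07 dnsmasq[1234]: query[HTTPS] www.example.com from 127.0.0.1
Jul  9 04:10:07 dnsmasq[1234]: forwarded www.example.com to 192.0.2.53
Jul  9 04:10:07 dnsmasq[1234]: reply www.example.com is <CNAME>
Jul  9 04:10:09 dnsmasq[1234]: query[HTTPS] www.example.com from 127.0.0.1
Jul  9 04:10:09 dnsmasq[1234]: forwarded www.example.com to 192.0.2.53
Jul  9 04:10:09 dnsmasq[1234]: reply www.example.com is <CNAME>
EOF
}

sample_log | classify_https_queries
```

Against a live resolver, pipe the real dnsmasq log into `classify_https_queries` after running the `dig` pairs from the steps above.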