[Dnsmasq-discuss] Add an option to not always add a pseudo header?

Simon Kelley simon at thekelleys.org.uk
Wed Jan 14 15:24:50 UTC 2026



On 23.12.2025 11:36, Matus UHLAR - fantomas wrote:
> On 23.12.25 17:48, zhangguodong--- via Dnsmasq-discuss wrote:
>> I've been using dnsmasq as a local caching resolver for several years
>> and upgraded to version 2.91 recently.  It used to work properly in the
>> past, but the queries to dnsmasq are not replied to now.
>> I have confirmed that my home broadband provider's firewall is
>> blocking query packets with the EDNS0 header, based on a comparison
>> between versions 2.91 and 2.90.
>> From the changelog of version 2.91, I also learned that the EDNS0 header
>> will now always be added when talking to upstream.
> 
> Have you tried to handle this with your provider?
> 
> EDNS is 25 years old (RFC 2671, August 1999) and required for many 
> functionalities, especially since many DNS replies are bigger than the 
> old 512B maximum for DNS UDP packets.
> 
> 
>> Therefore, is it possible to add an option to control whether to 
>> always add EDNS0 header?
> 

I think Matus is right here. Even if dnsmasq doesn't always add EDNS,
many clients will send queries to dnsmasq with EDNS, which dnsmasq will
then forward. Many features (for example DNSSEC) will break without EDNS or
break because of EDNS and the broken firewall. The best solution is to
fix the firewall, which is long, long out-of-date.

Simon.
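
To show what the EDNS0 pseudo header discussed in this thread looks like on the wire, and to check whether a path drops queries that carry it, here is an added example that is not part of the original messages and is not dnsmasq code. The function names are hypothetical, the 1232-byte payload size and `example.com` are sample values, and `probe` is meant to be pointed at the upstream resolver you already use.

```python
import socket
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [l.encode("ascii") for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, edns=False, udp_size=1232, do_bit=False, txid=0x1234):
    """Build an A query; with edns=True append an OPT pseudo-RR (RFC 6891)."""
    # Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    pkt = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    pkt += encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns:
        flags = 0x8000 if do_bit else 0  # OPT TTL field: ext-rcode, version, DO
        # OPT: root owner name, TYPE=41, CLASS=UDP payload size, RDLEN=0
        pkt += b"\x00" + struct.pack("!HHIH", 41, udp_size, flags, 0)
    return pkt

def skip_name(pkt, off):
    """Return the offset just past a name (a compression pointer ends it)."""
    while pkt[off] and pkt[off] & 0xC0 != 0xC0:
        off += 1 + pkt[off]
    return off + (2 if pkt[off] else 1)

def find_opt(pkt):
    """Return (udp_size, do_bit) if the packet carries an OPT record, else None."""
    qd, an, ns, ar = struct.unpack("!HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:
            return rclass, bool(ttl & 0x8000)
    return None

def probe(server, name="example.com", timeout=3.0):
    """Send the query with and without OPT; report the reply size or None."""
    result = {}
    for label, edns in (("plain", False), ("edns0", True)):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, edns=edns), (server, 53))
            try:
                result[label] = len(s.recvfrom(4096)[0])
            except socket.timeout:
                result[label] = None  # no reply within the timeout
    return result
```

A result where `plain` has a reply size and `edns0` is `None` across repeated runs matches the behaviour described in the thread, where the provider's firewall drops queries carrying the OPT record.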


