On 18/08/14 21:37, Conrad Kostecki wrote:
> Bingo! That seems to be the cause. When I disable dnssec, it's working fine. 
> When I enable it again, it’s failing again on *.org domains.
> Why? Do you have some explanation?

Well, if dnssec is enabled in dnsmasq it needs to do a load of extra
queries to do the validation, so one of them may be failing.

What happens if you do the queries direct to the google servers, but ask
for dnsmasq validation?

dig +dnssec domain.org


The most useful information at this point would be the logs after
enabling dnssec and log-queries. That would tell us which DNSSEC queries
are timing out.


Cheers,

Simon.


> 
> Conrad
> 
> From: sven falempin [mailto:sven.falem...@gmail.com]
> Sent: Thursday, 14 August 2014 23:08
> To: Conrad Kostecki
> Subject: Re: [Dnsmasq-discuss] DNSMasq does not resolv *.org domains
> 
> what about sending the dnsmasq conf... maybe dnssec ?
> 
> and look at your logs
> 
> 
> On Thu, Aug 14, 2014 at 4:47 PM, Conrad Kostecki 
> <c...@conrad-kostecki.de> wrote:
> Hi!
> I am having a very strange problem. I am unable to resolve any *.org domains 
> via DNSMasq.
> My currently used DNSMasq is 2.72test3-7-g993f8cb. The problem happens only 
> within DNSMasq.
> 
> Galactica # cat /etc/resolv.conf
> nameserver 127.0.0.1
> nameserver ::1
> nameserver 8.8.8.8
> nameserver 8.8.4.4
> nameserver 2001:4860:4860::8888
> nameserver 2001:4860:4860::8844
> 
> As you see, there is localhost in first two lines defined and then the Google 
> DNS servers, which DNSMasq should use.
> It's pretty funny, that DNSMasq just says, it can't reach any server. But 
> when I choose the Google DNS directly on the same machine, it works perfectly 
> fine. So which Server can't DNSMasq reach?
> 
> Galactica # nslookup
>> server 127.0.0.1
> Default server: 127.0.0.1
> Address: 127.0.0.1#53
>> gentoo.org
> ;; connection timed out; no servers could be reached
>> server 8.8.8.8
> Default server: 8.8.8.8
> Address: 8.8.8.8#53
>> gentoo.org
> Server:         8.8.8.8
> Address:        8.8.8.8#53
> 
> Non-authoritative answer:
> Name:   gentoo.org
> Address: 89.16.167.134
>>
> 
> What did I do wrong? I don't understand this, as it only affects *.org domains??
> 
> Conrad
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
> 
> 
> --
> ---------------------------------------------------------------------------------------------------------------------
> () ascii ribbon campaign - against html e-mail
> /\
> 
> 
> 
> 
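
One way to read the logs requested above, as an added example that is not part of the original thread: it pairs each DNSSEC helper query with a later reply for the same name and record type, and reports the ones that never got an answer. The log line layout (`dnssec-query[TYPE] name to server`, `reply name is ...`) and the sample lines, including the keytag, are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of dnsmasq output with dnssec and
# log-queries enabled. These lines are NOT taken from the thread.
SAMPLE_LOG = """\
Aug 18 21:40:01 dnsmasq[2101]: query[A] gentoo.org from 127.0.0.1
Aug 18 21:40:01 dnsmasq[2101]: forwarded gentoo.org to 8.8.8.8
Aug 18 21:40:01 dnsmasq[2101]: dnssec-query[DS] gentoo.org to 8.8.8.8
Aug 18 21:40:01 dnsmasq[2101]: dnssec-query[DNSKEY] org to 8.8.8.8
Aug 18 21:40:01 dnsmasq[2101]: dnssec-query[DS] org to 8.8.8.8
Aug 18 21:40:02 dnsmasq[2101]: reply org is DS keytag 11111
"""

# Assumed line layout; adjust the patterns if your dnsmasq build logs differently.
QUERY_RE = re.compile(r"dnssec-query\[(\w+)\] (\S+) to (\S+)")
REPLY_RE = re.compile(r"reply (\S+) is (.*)")
RTYPE_RE = re.compile(r"\b(DNSKEY|DS)\b")


def unanswered_dnssec_queries(log_text):
    """Return (rtype, name, upstream) for DNSSEC queries with no later reply."""
    pending = {}  # (rtype, name) -> upstream server, in first-seen order
    for line in log_text.splitlines():
        query = QUERY_RE.search(line)
        if query:
            rtype, name, server = query.groups()
            pending[(rtype, name)] = server
            continue
        reply = REPLY_RE.search(line)
        if reply:
            name, rest = reply.groups()
            rtype = RTYPE_RE.search(rest)
            # Ordinary A/AAAA replies carry no DS/DNSKEY marker and are ignored.
            if rtype:
                pending.pop((rtype.group(1), name), None)
    return [(rtype, name, server) for (rtype, name), server in pending.items()]


if __name__ == "__main__":
    for rtype, name, server in unanswered_dnssec_queries(SAMPLE_LOG):
        print(f"no reply seen: {rtype} {name} via {server}")
```

A query that is still pending at the end of the log is only a candidate for a timeout; check the timestamps around it before drawing a conclusion.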

