Hi Albert, My issues were caused by running dnsmasq in a FreeBSD jail. Basic jails (using iocage as the jail manager, at least) use shared IP networking that is not a complete network stack. All other services I host inside jails work fine, but apparently I will need to change to use VNET/VIMAGE networking for the jails to allow dnsmasq to respond properly.
Sorry for the false alarm, since this is not a dnsmasq issue. I did learn a good amount, though :-) Best regards, Bill > On Sep 9, 2016, at 16:39, Albert ARIBAUD <albert.arib...@free.fr> wrote: > > Hi Bill, > > Le Fri, 9 Sep 2016 16:10:35 -0400 > Bill Warren <billwar...@gmail.com> a écrit: > >> Hi Albert, >> >> I tried installing dnsmasq in a virtualized, fresh FreeBSD >> installation ... and it is working. I will go through my hardening >> configurations to see what, if anything, I can isolate as the cause. > > I would have said as much from reading the second tcpdump, which shows > the answer from google to the dnsmasq server host (...1.14) but not the > answer from the server host to the original client. I bet the iptables > layer drops the packet for some reason. > >> to be continued … > > Let us know when you find out. > > Amicalement, > -- > Albert. _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss