Been trying to figure this out for a while.. and I think I'm onto something..
Started out w/ pihole at work, I have dnscrypt-proxy listening on 127.53.53.53#5353 for dnscrypt to quad9 and 127.54.54.54#5454 on doh to quad9 and the all-servers setting in a separate config file. Pihole would tell me that one of the servers refused to a recursive query.. (both servers are intentionally going to the same place just different protocols in that was not clear..) The server that was refusing to do the recursive query was the first server listed, second was fine.. if I switched the servers, the first was now the problem.. but I thought it was a pihole issue, and in my mind I would just setup a dnsmasq servers with the same settings and I'd be fine.. Just had some time at home and setup a local server 127.55.55.55#5555 and I have the same issue. So this might be a dnsmasq issue.. my dnsmasq config: no-resolv log-queries log-facility=/var/log/dnsmasq/dnsmasq.log server=127.54.54.54#5454 server=127.53.53.53#5353 bind-interfaces interface=lo listen-address=127.55.55.55 port=5555 all-servers cache-size=2048 grep refused /var/log/dnsmasq/dnsmasq.log May 5 09:46:31 dnsmasq: nameserver 127.54.54.54 refused to do a recursive query May 5 09:46:31 dnsmasq: nameserver 127.54.54.54 refused to do a recursive query May 5 09:47:14 dnsmasq: nameserver 127.54.54.54 refused to do a recursive query May 5 09:48:16 dnsmasq: nameserver 127.54.54.54 refused to do a recursive query and if I make the 53#5353 server first, that is the refused server.. dnsmasq --v Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley Compile time options: IPv6 GNU-getopt DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile "BTW, I use arch.." # uname -r 4.19.37-1-lts It's a bare metal machine fwiw. -- This message may contain confidential information and is intended only for the individual(s) named. If you are not an intended recipient you are not authorized to disseminate, distribute or copy this e-mail. Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail from your system. _______________________________________________ Dnsmasq-discuss mailing list Dnsmasqemail@example.com http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss