On 05-05-2019 16:05, B. Cook wrote:

> Been trying to figure this out for a while.. and I think I'm onto something..
>
> Started out w/ pihole at work, I have dnscrypt-proxy listening on
> 127.53.53.53#5353 for dnscrypt to quad9 and 127.54.54.54#5454 on doh
> to quad9 and the all-servers setting in a separate config file.
>
> Pihole would tell me that one of the servers refused to a recursive
> query.. (both servers are intentionally going to the same place just
> different protocols in that was not clear..)
>
> The server that was refusing to do the recursive query was the first
> server listed, second was fine.. if I switched the servers, the first
> was now the problem.. but I thought it was a pihole issue, and in my
> mind I would just setup a dnsmasq servers with the same settings and
> I'd be fine..
>
> Just had some time at home and setup a local server 127.55.55.55#5555
> and I have the same issue.  So this might be a dnsmasq issue..
Hence the posting to this mailinglist ...
>
> my dnsmasq config:
>
> no-resolv
> log-queries
> log-facility=/var/log/dnsmasq/dnsmasq.log
> server=127.54.54.54#5454
> server=127.53.53.53#5353
>
> bind-interfaces
> interface=lo
> listen-address=127.55.55.55
> port=5555
> all-servers
> cache-size=2048
>
> grep refused /var/log/dnsmasq/dnsmasq.log
> May  5 09:46:31 dnsmasq[16098]: nameserver 127.54.54.54 refused to do a 
> recursive query
> May  5 09:46:31 dnsmasq[16098]: nameserver 127.54.54.54 refused to do a 
> recursive query
> May  5 09:47:14 dnsmasq[16098]: nameserver 127.54.54.54 refused to do a 
> recursive query
> May  5 09:48:16 dnsmasq[16098]: nameserver 127.54.54.54 refused to do a 
> recursive query
>
> and if I make the 53#5353 server first, that is the refused server..
>
> dnsmasq --v
> Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley
> Compile time options: IPv6 GNU-getopt DBus i18n IDN2 DHCP DHCPv6
> no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile
>
> "BTW, I use arch.."
>
> # uname -r
> 4.19.37-1-lts
>
> It's a bare metal machine fwiw.
>

Thing I, happy user of dnsmasq, would do is verify with another dnsquery
tool

if that gets also "refused to do recursive query" fromĀ  127.54.54.54#5454



Cheers

Geert Stappers

Who can't image the *why* of the configuration of Original Poster.



_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to