Start out with the following /etc/dnsmasq.conf, replacing «wlp2s0» as 
appropriate:

log-queries
no-hosts
no-resolv
server=1.1.1.1@wlp2s0

Start Dnsmasq and send it a TCP query:

$ src/dnsmasq -d -p 5333
dnsmasq: started, version 2.80-72-ge24abf2 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN 
DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify 
dumpfile
dnsmasq: using nameserver 1.1.1.1#53(via wlp2s0)
dnsmasq: cleared cache

$ dig @127.0.0.1 -p 5333 fud.no A +vc | grep HEADER
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2916

Output from Dnsmasq following the above query:

dnsmasq: query[A] fud.no from 127.0.0.1
dnsmasq: config error is REFUSED

It makes no attempt to contact the upstream server.

If I remove «@wlp2s0» from the server config, it works fine.

A practical consequence of this bug is that I cannot resolve any domain names 
under *.org with DNSSEC enabled. The initial UDP query results in a truncated 
answer, so libc/dig retries in TCP mode and fails.

Note that NetworkManager automatically configures the upstream DNS servers with 
a specific interface via D-Bus; this behaviour appears hard-coded.

Tore
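
An added example, not part of the original post: a small check that sends the same A query to a resolver over UDP and over TCP and compares the response codes, which is the symptom reported above. The function names are hypothetical; the address, port and query name in the main block are taken from the report.

```python
# Added example; function names are illustrative, not dnsmasq code.
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, qid=0x1234):
    """Wire-format DNS query: header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (id, truncated flag, rcode name) from a DNS response."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags = struct.unpack("!HH", msg[:4])
    return qid, bool(flags & 0x0200), RCODES.get(flags & 0x000F, str(flags & 0x000F))

def recv_exact(sock, n):
    # TCP is a byte stream, so keep reading until n bytes have arrived.
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def ask(host, port, name, tcp, timeout=3.0):
    """Send one A query over TCP or UDP and return the parsed header."""
    query = build_query(name)
    if tcp:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            (length,) = struct.unpack("!H", recv_exact(s, 2))
            return parse_header(recv_exact(s, length))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:  # IPv4 assumed
        s.settimeout(timeout)
        s.sendto(query, (host, port))
        return parse_header(s.recvfrom(4096)[0])

def compare(udp, tcp):
    """True when TCP is REFUSED although the UDP query was not."""
    return tcp[2] == "REFUSED" and udp[2] != "REFUSED"

if __name__ == "__main__":
    udp, tcp = (ask("127.0.0.1", 5333, "fud.no", tcp=t) for t in (False, True))
    print("UDP:", udp, "TCP:", tcp, "symptom present:", compare(udp, tcp))
```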

