Running dnsmasq 2.90 on Fedora 42. To reproduce: - verify caching is active and working - add cache-rr=HTTPS to your conf - verify no-negcache is NOT active in your conf - reload or restart dnsmasq - do _two_ digs for ietf.org: dig -t HTTPS @127.0.0.1 www.ietf.org - verify the 2nd IN HTTPS response is served from cache - do _two_ digs to example.com: dig -t HTTPS @127.0.0.1 www.example.com - verify the 2nd IN CNAME response isĀ served from cache - enable no-negcache in your conf - reload or restart dnsmasq - do _two_ digs for ietf.org: dig -t HTTPS @127.0.0.1 www.ietf.org - verify the 2nd IN HTTPS response is served from cache - do _two_ digs to example.com: dig -t HTTPS @127.0.0.1 www.example.com - observe the 2nd IN CNAME response is *NOT* served from cache
Firefox is requesting an HTTPS record for every host name and almost all return IN CNAME instead of IN HTTPS so almost none are cached.
I don't think that a CNAME response to an HTTPS request is a negative response and expect that it would be cached.
_______________________________________________ Dnsmasq-discuss mailing list [email protected] https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
