Greetings!
This isn’t a new problem but curiosity/frustration has now got the better of
me. I’ve a QNAP NAS box which registers itself under
‘waldorfdb.myqnapcloud.com’ with both IPv4 & IPv6 addresses.
My home lan router provides DHCP & DNS service courtesy dnsmasq. Sometimes my
local browser is unable to resolve the above domain name and the “Insecure DS
reply received” message is seen in the router’s syslog:
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1087
2a02:c7f:1231:2000::dc83/57269 query[A] waldorfdb.myqnapcloud.com from
2a02:c7f:1231:2000::dc83
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1087
2a02:c7f:1231:2000::dc83/57269 forwarded waldorfdb.myqnapcloud.com to 8.8.4.4
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: *
2a02:c7f:1231:2000::dc83/57269 dnssec-query[DS] myqnapcloud.com to 8.8.4.4
Sat Jul 28 18:13:49 2018 daemon.warn dnsmasq[21675]: Insecure DS reply
received, do upstream DNS servers support DNSSEC?
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: *
2a02:c7f:1231:2000::dc83/57269 reply myqnapcloud.com is BOGUS DS
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1087
2a02:c7f:1231:2000::dc83/57269 validation waldorfdb.myqnapcloud.com is BOGUS
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1087
2a02:c7f:1231:2000::dc83/57269 reply waldorfdb.myqnapcloud.com is 151.227.238.60
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1088 192.168.219.142/51181
query[A] waldorfdb.myqnapcloud.com from 192.168.219.142
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: 1088 192.168.219.142/51181
forwarded waldorfdb.myqnapcloud.com to 8.8.4.4
Sat Jul 28 18:13:49 2018 daemon.info dnsmasq[21675]: * 192.168.219.142/51181
dnssec-query[DS] myqnapcloud.com to 8.8.4.4
Sat Jul 28 18:13:50 2018 daemon.warn dnsmasq[21675]: Insecure DS reply
received, do upstream DNS servers support DNSSEC?
Sat Jul 28 18:13:50 2018 daemon.info dnsmasq[21675]: * 192.168.219.142/51181
reply myqnapcloud.com is BOGUS DS
Sat Jul 28 18:13:50 2018 daemon.info dnsmasq[21675]: 1088 192.168.219.142/51181
validation waldorfdb.myqnapcloud.com is BOGUS
Sat Jul 28 18:13:50 2018 daemon.info dnsmasq[21675]: 1088 192.168.219.142/51181
reply waldorfdb.myqnapcloud.com is 151.227.238.60
Curiously a few minutes later and all is well, or well enough that my client
gets an answer:
Sat Jul 28 18:16:24 2018 daemon.info dnsmasq[21675]: 1121
2a02:c7f:1231:2000::dc83/51183 query[A] waldorfdb.myqnapcloud.com from
2a02:c7f:1231:2000::dc83
Sat Jul 28 18:16:24 2018 daemon.info dnsmasq[21675]: 1121
2a02:c7f:1231:2000::dc83/51183 forwarded waldorfdb.myqnapcloud.com to
2001:4860:4860::8844
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: *
2a02:c7f:1231:2000::dc83/51183 dnssec-query[DS] myqnapcloud.com to
2001:4860:4860::8844
Sat Jul 28 18:16:25 2018 daemon.warn dnsmasq[21675]: Insecure DS reply
received, do upstream DNS servers support DNSSEC?
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: *
2a02:c7f:1231:2000::dc83/51183 reply myqnapcloud.com is BOGUS DS
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1121
2a02:c7f:1231:2000::dc83/51183 validation waldorfdb.myqnapcloud.com is BOGUS
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1121
2a02:c7f:1231:2000::dc83/51183 reply waldorfdb.myqnapcloud.com is 151.227.238.60
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1122 192.168.219.142/59027
query[A] waldorfdb.myqnapcloud.com from 192.168.219.142
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1122 192.168.219.142/59027
forwarded waldorfdb.myqnapcloud.com to 2001:4860:4860::8844
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: * 192.168.219.142/59027
dnssec-query[DS] myqnapcloud.com to 2001:4860:4860::8844
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: * 192.168.219.142/59027
reply myqnapcloud.com is no DS
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1122 192.168.219.142/59027
validation result is INSECURE
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1122 192.168.219.142/59027
reply waldorfdb.myqnapcloud.com is 151.227.238.60
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1123
2a02:c7f:1231:2000::dc83/59028 query[] waldorfdb.myqnapcloud.com from
2a02:c7f:1231:2000::dc83
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1123
2a02:c7f:1231:2000::dc83/59028 forwarded waldorfdb.myqnapcloud.com to
2001:4860:4860::8844
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1123
2a02:c7f:1231:2000::dc83/59028 validation result is INSECURE
Sat Jul 28 18:16:25 2018 daemon.info dnsmasq[21675]: 1123
2a02:c7f:1231:2000::dc83/59028 reply waldorfdb.myqnapcloud.com is
2a02:c7f:1231:2000::c
I only seem to see this behaviour if using Google's public DNS.
Anyone else seeing this sort of thing? Help! :-) I’m at your disposal.
Cheers,
Kevin D-B
012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A
signature.asc
Description: Message signed with OpenPGP
___
Dnsmasq-discuss mailing