On 18/07/2019 10:57, Hamish Moffatt wrote:
> Yes it does work with 8.8.8.8.
>
> It works if I query 1.1.1.1 directly with dig though, or use proxy-dnssec.
The problem is not the answer to the query, it's that for dnsmasq to
validate the answer, it has to make a set of further queries, and
It looks like it's the same. I can't query the www.vp4.navy.mil site
listed in that other report with validation enabled either.
dnsmasq[14688]: 323 192.168.42.2/60372 query[A] www.vp4.navy.mil from
192.168.42.2
dnsmasq[14688]: 323 192.168.42.2/60372 forwarded www.vp4.navy.mil to 1.1.1.1
I'm not in a position to look at this for a few days, but in the meantime,
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012910.html
discusses a situation which looks, at least superficially, similar. It
might be worth turning on DNS logging and seeing if the similarity goes
Hi,
I'm trying to enable DNSSEC validation in dnsmasq 2.80, on my OpenWRT
router. For upstream, I'm using 1.1.1.1. With DNSSEC validation on, when
I visit the Cloudflare test site
https://www.cloudflare.com/ssl/encrypted-sni/ , it says it can't
determine if I have secure DNS enabled.
It's