Re: [Dnsmasq-discuss] DNSSEC failure after some time
Also, insure that TCP connections to 8.8.8.8 and 8.8.4.4 are not being blocked in your firewall. Cheers, Simon. On 03/07/17 09:35, Hamish Moffatt wrote: > On 29/06/17 09:42, Hamish Moffatt wrote: >> On 29/06/17 07:05, Simon Kelley wrote: >>> Your text says 2.75, but the log says 2.76. There's a significant >>> difference between the two in DNSSEC code. >>> >>> First thing to do is to turn on --log-queries and arrange for the (quite >>> large) logs to go somewhere safe, if the router has limited storage. >>> That should give you information about why the validation is failing. >>> >> >> I meant 2.76. I will start logging and report back if I see the >> failure again (but two weeks in a row now). > > This just happened again. Here are the logs from a couple of DNS lookups > after it failed. I redacted the hostnames and IPs, hope it still makes > sense. > > > ul 3 16:58:36 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com > from 192.168.42.2 > Jul 3 16:58:36 router daemon.info dnsmasq[10149]: forwarded > foo2.foo.com to 8.8.4.4 > Jul 3 16:58:37 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com > from 192.168.42.2 > Jul 3 16:58:37 router daemon.info dnsmasq[10149]: forwarded > foo2.foo.com to 8.8.4.4 > Jul 3 16:58:37 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] > foo.com to 8.8.4.4 > Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo2.foo.com is > > Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2 > Jul 3 16:58:37 router daemon.info dnsmasq[11219]: query[A] foo2.foo.com > from 192.168.42.2 > Jul 3 16:58:38 router daemon.info dnsmasq[11219]: forwarded > foo2.foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[11219]: dnssec-query[DNSKEY] > foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[11219]: validation > foo2.foo.com is ABANDONED > Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo2.foo.com is > > Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo.com is 2.2.2.2 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com > from 192.168.42.2 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded > foo2.foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] > foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is > > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] > foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is > > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2 > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: query[A] foo2.foo.com > from 192.168.42.2 > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: forwarded > foo2.foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: dnssec-query[DNSKEY] > foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: validation > foo2.foo.com is ABANDONED > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo2.foo.com is > > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo.com is 2.2.2.2 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A] > foo2.foo.com.cloud.net.au from 192.168.42.2 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded > foo2.foo.com.cloud.net.au to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: validation result is > INSECURE > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply > foo2.foo.com.cloud.net.au is NXDOMAIN > > Jul 3 17:00:48 router daemon.info dnsmasq[11425]: dnssec-query[DNSKEY] > foo.com to 8.8.8.8 > Jul 3 17:00:48 router daemon.info dnsmasq[11425]: validation > dev.foo.com is ABANDONED > Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply dev.foo.com is > > Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply > office-gw.foo.com.au is 1.1.1.1 > Jul 3 17:00:48 router daemon.info dnsmasq[10149]: query[A] > dev.foo.com.cloud.net.au from 192.168.42.2 > Jul 3 17:00:48 router daemon.info dnsmasq[10149]: cached > dev.foo.com.cloud.net.au is NXDOMAIN > Jul 3 17:00:53 router daemon.info dnsmasq[10149]: query[A] > docs.google.com from 192.168.42.2 > Jul 3 17:00:53 router daemon.info dnsmasq[10149]: forwarded > docs.google.com to 8.8.8.8 > Jul 3 17:00:53 router daemon.info dnsmasq[10149]: validation result is > INSECURE > Jul 3 17:00:53 router daemon.info dnsmasq[10149]: reply docs.google.com > is 216.58.200.110 > Jul 3 17:01:02 router daemon.info dnsmasq[10149]: query[A] foo1.foo.com > from 192.168.42.2 > Jul 3 17:01:02 router daemon.info dnsmasq[10149]: forwarded > foo1.foo.com to 8.8.8.8 > Jul 3 17:01:02 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] > foo.com to 8.8.8.8 > Jul 3 17:01:03 router daemon.info dnsmasq[10149]: reply foo1.foo.com is > 2.2.2.2 > Jul 3 17:01:03 router daemon.info dnsmasq[11427]: query[A] foo1.foo.c
Re: [Dnsmasq-discuss] DNSSEC failure after some time
Clue: these failures are happening with DNS queries sent over TCP (The PIDS tell the story, 10149 is the main daemon, and 11219, 11220 are child processes handling TCP connections.) I think this is fixed in 2.77 by http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=361dfe515879b5adabf3702b8be692c4fb6bf3a7 Is there any way you could upgrade to 2.77? Cheers, Simon. On 03/07/17 09:35, Hamish Moffatt wrote: > On 29/06/17 09:42, Hamish Moffatt wrote: >> On 29/06/17 07:05, Simon Kelley wrote: >>> Your text says 2.75, but the log says 2.76. There's a significant >>> difference between the two in DNSSEC code. >>> >>> First thing to do is to turn on --log-queries and arrange for the (quite >>> large) logs to go somewhere safe, if the router has limited storage. >>> That should give you information about why the validation is failing. >>> >> >> I meant 2.76. I will start logging and report back if I see the >> failure again (but two weeks in a row now). > > This just happened again. Here are the logs from a couple of DNS lookups > after it failed. I redacted the hostnames and IPs, hope it still makes > sense. > > > ul 3 16:58:36 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com > from 192.168.42.2 > Jul 3 16:58:36 router daemon.info dnsmasq[10149]: forwarded > foo2.foo.com to 8.8.4.4 > Jul 3 16:58:37 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com > from 192.168.42.2 > Jul 3 16:58:37 router daemon.info dnsmasq[10149]: forwarded > foo2.foo.com to 8.8.4.4 > Jul 3 16:58:37 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] > foo.com to 8.8.4.4 > Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo2.foo.com is > > Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2 > Jul 3 16:58:37 router daemon.info dnsmasq[11219]: query[A] foo2.foo.com > from 192.168.42.2 > Jul 3 16:58:38 router daemon.info dnsmasq[11219]: forwarded > foo2.foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[11219]: dnssec-query[DNSKEY] > foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[11219]: validation > foo2.foo.com is ABANDONED > Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo2.foo.com is > > Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo.com is 2.2.2.2 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com > from 192.168.42.2 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded > foo2.foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] > foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is > > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] > foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is > > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2 > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: query[A] foo2.foo.com > from 192.168.42.2 > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: forwarded > foo2.foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: dnssec-query[DNSKEY] > foo.com to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: validation > foo2.foo.com is ABANDONED > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo2.foo.com is > > Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo.com is 2.2.2.2 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A] > foo2.foo.com.cloud.net.au from 192.168.42.2 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded > foo2.foo.com.cloud.net.au to 8.8.4.4 > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: validation result is > INSECURE > Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply > foo2.foo.com.cloud.net.au is NXDOMAIN > > Jul 3 17:00:48 router daemon.info dnsmasq[11425]: dnssec-query[DNSKEY] > foo.com to 8.8.8.8 > Jul 3 17:00:48 router daemon.info dnsmasq[11425]: validation > dev.foo.com is ABANDONED > Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply dev.foo.com is > > Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply > office-gw.foo.com.au is 1.1.1.1 > Jul 3 17:00:48 router daemon.info dnsmasq[10149]: query[A] > dev.foo.com.cloud.net.au from 192.168.42.2 > Jul 3 17:00:48 router daemon.info dnsmasq[10149]: cached > dev.foo.com.cloud.net.au is NXDOMAIN > Jul 3 17:00:53 router daemon.info dnsmasq[10149]: query[A] > docs.google.com from 192.168.42.2 > Jul 3 17:00:53 router daemon.info dnsmasq[10149]: forwarded > docs.google.com to 8.8.8.8 > Jul 3 17:00:53 router daemon.info dnsmasq[10149]: validation result is > INSECURE > Jul 3 17:00:53 router daemon.info dnsmasq[10149]: reply docs.google.com > is 216.58.200.110 > Jul 3 17:01:02 router daemon.info dnsmasq[10149]: query[A] foo1.foo.com > from 192.168.42.2 > Jul 3 17:01:02 router daemon.info dnsmasq[10149]: forwarded > foo1.foo.c
Re: [Dnsmasq-discuss] DNSSEC failure after some time
On 03/07/17 18:35, Hamish Moffatt wrote: Jul 3 16:58:38 router daemon.info dnsmasq[11219]: validation foo2.foo.com is ABANDONED Now I have this again 24 hours later, and I also have some saying validation foo2.foo.com is BOGUS Hamish ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] DNSSEC failure after some time
On 29/06/17 09:42, Hamish Moffatt wrote: On 29/06/17 07:05, Simon Kelley wrote: Your text says 2.75, but the log says 2.76. There's a significant difference between the two in DNSSEC code. First thing to do is to turn on --log-queries and arrange for the (quite large) logs to go somewhere safe, if the router has limited storage. That should give you information about why the validation is failing. I meant 2.76. I will start logging and report back if I see the failure again (but two weeks in a row now). This just happened again. Here are the logs from a couple of DNS lookups after it failed. I redacted the hostnames and IPs, hope it still makes sense. ul 3 16:58:36 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com from 192.168.42.2 Jul 3 16:58:36 router daemon.info dnsmasq[10149]: forwarded foo2.foo.com to 8.8.4.4 Jul 3 16:58:37 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com from 192.168.42.2 Jul 3 16:58:37 router daemon.info dnsmasq[10149]: forwarded foo2.foo.com to 8.8.4.4 Jul 3 16:58:37 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] foo.com to 8.8.4.4 Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo2.foo.com is Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2 Jul 3 16:58:37 router daemon.info dnsmasq[11219]: query[A] foo2.foo.com from 192.168.42.2 Jul 3 16:58:38 router daemon.info dnsmasq[11219]: forwarded foo2.foo.com to 8.8.4.4 Jul 3 16:58:38 router daemon.info dnsmasq[11219]: dnssec-query[DNSKEY] foo.com to 8.8.4.4 Jul 3 16:58:38 router daemon.info dnsmasq[11219]: validation foo2.foo.com is ABANDONED Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo2.foo.com is Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo.com is 2.2.2.2 Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com from 192.168.42.2 Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded foo2.foo.com to 8.8.4.4 Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] foo.com to 8.8.4.4 Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2 Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] foo.com to 8.8.4.4 Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2 Jul 3 16:58:38 router daemon.info dnsmasq[11220]: query[A] foo2.foo.com from 192.168.42.2 Jul 3 16:58:38 router daemon.info dnsmasq[11220]: forwarded foo2.foo.com to 8.8.4.4 Jul 3 16:58:38 router daemon.info dnsmasq[11220]: dnssec-query[DNSKEY] foo.com to 8.8.4.4 Jul 3 16:58:38 router daemon.info dnsmasq[11220]: validation foo2.foo.com is ABANDONED Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo2.foo.com is Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo.com is 2.2.2.2 Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com.cloud.net.au from 192.168.42.2 Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded foo2.foo.com.cloud.net.au to 8.8.4.4 Jul 3 16:58:38 router daemon.info dnsmasq[10149]: validation result is INSECURE Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com.cloud.net.au is NXDOMAIN Jul 3 17:00:48 router daemon.info dnsmasq[11425]: dnssec-query[DNSKEY] foo.com to 8.8.8.8 Jul 3 17:00:48 router daemon.info dnsmasq[11425]: validation dev.foo.com is ABANDONED Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply dev.foo.com is Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply office-gw.foo.com.au is 1.1.1.1 Jul 3 17:00:48 router daemon.info dnsmasq[10149]: query[A] dev.foo.com.cloud.net.au from 192.168.42.2 Jul 3 17:00:48 router daemon.info dnsmasq[10149]: cached dev.foo.com.cloud.net.au is NXDOMAIN Jul 3 17:00:53 router daemon.info dnsmasq[10149]: query[A] docs.google.com from 192.168.42.2 Jul 3 17:00:53 router daemon.info dnsmasq[10149]: forwarded docs.google.com to 8.8.8.8 Jul 3 17:00:53 router daemon.info dnsmasq[10149]: validation result is INSECURE Jul 3 17:00:53 router daemon.info dnsmasq[10149]: reply docs.google.com is 216.58.200.110 Jul 3 17:01:02 router daemon.info dnsmasq[10149]: query[A] foo1.foo.com from 192.168.42.2 Jul 3 17:01:02 router daemon.info dnsmasq[10149]: forwarded foo1.foo.com to 8.8.8.8 Jul 3 17:01:02 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY] foo.com to 8.8.8.8 Jul 3 17:01:03 router daemon.info dnsmasq[10149]: reply foo1.foo.com is 2.2.2.2 Jul 3 17:01:03 router daemon.info dnsmasq[11427]: query[A] foo1.foo.com from 192.168.42.2 Jul 3 17:01:03 router daemon.info dnsmasq[11427]: forwarded foo1.foo.com to 8.8.8.8 Jul 3 17:01:03 router daemon.info dnsmasq[11427]: dnssec-query[DNSKEY] foo.com to 8.8.8.8 Jul 3 17:01:03 router daemon.info dnsmasq[11427]: validation foo1.foo.com is ABANDONED Jul 3 17:01:03 router daemon.info dnsm
Re: [Dnsmasq-discuss] DNSSEC failure after some time
On 29/06/17 07:05, Simon Kelley wrote: Your text says 2.75, but the log says 2.76. There's a significant difference between the two in DNSSEC code. First thing to do is to turn on --log-queries and arrange for the (quite large) logs to go somewhere safe, if the router has limited storage. That should give you information about why the validation is failing. I meant 2.76. I will start logging and report back if I see the failure again (but two weeks in a row now). thanks Hamish ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] DNSSEC failure after some time
On 28/06/17 02:25, Hamish Moffatt wrote: > I've recently enabled DNSSEC on dnsmasq, and signed a zone that I work > with a lot. > > It works for a while (dig shows the AD (authentic data) flag on signed > zones), but after about a week, I start getting lookup failures for that > zone until I restart dnsmasq. Then it works for another week. The DNSSEC > verifier at https://dnssec-debugger.verisignlabs.com/ says the domain is > fine. > > There's nothing in the log file, though I am not logging all queries. > > > I have version 2.75. It's baked into my router firmware (Tomato Shibby) > so I can't easily try the very latest. The DNSSEC-related part of my > config is > > dnssec > > conf-file=/etc/trust-anchors.conf > > > And the trust-anchors.conf says > > trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 > > trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D > > > > > Jun 28 10:11:54 router daemon.info dnsmasq[9632]: started, version 2.76 > cachesize 4096 > Jun 28 10:11:54 router daemon.info dnsmasq[9632]: compile time options: > IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP > no-conntrack ipset Tomato-helper a > uth DNSSEC loop-detect no-inotify > Jun 28 10:11:54 router daemon.info dnsmasq[9632]: DNSSEC validation enabled > Jun 28 10:11:54 router daemon.info dnsmasq[9632]: asynchronous logging > enabled, queue limit is 5 messages > Jun 28 10:11:54 router daemon.info dnsmasq-dhcp[9632]: DHCP, IP range > 192.168.42.20 -- 192.168.42.254, lease time 1d > Jun 28 10:11:54 router daemon.info dnsmasq[9632]: reading > /etc/resolv.dnsmasq > Jun 28 10:11:54 router daemon.info dnsmasq[9632]: using nameserver > 8.8.8.8#53 > Jun 28 10:11:54 router daemon.info dnsmasq[9632]: using nameserver > 8.8.4.4#53 > Jun 28 10:11:54 router daemon.info dnsmasq[9632]: read /etc/hosts - 2 > addresses > Jun 28 10:11:54 router daemon.info dnsmasq[9632]: read > /etc/dnsmasq/hosts/hosts - 12 addresses > Jun 28 10:11:54 router daemon.info dnsmasq-dhcp[9632]: read > /etc/dnsmasq/dhcp/dhcp-hosts > > Your text says 2.75, but the log says 2.76. There's a significant difference between the two in DNSSEC code. First thing to do is to turn on --log-queries and arrange for the (quite large) logs to go somewhere safe, if the router has limited storage. That should give you information about why the validation is failing. Cheers, Simon. signature.asc Description: OpenPGP digital signature ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] DNSSEC failure after some time
I've recently enabled DNSSEC on dnsmasq, and signed a zone that I work with a lot. It works for a while (dig shows the AD (authentic data) flag on signed zones), but after about a week, I start getting lookup failures for that zone until I restart dnsmasq. Then it works for another week. The DNSSEC verifier at https://dnssec-debugger.verisignlabs.com/ says the domain is fine. There's nothing in the log file, though I am not logging all queries. I have version 2.75. It's baked into my router firmware (Tomato Shibby) so I can't easily try the very latest. The DNSSEC-related part of my config is dnssec conf-file=/etc/trust-anchors.conf And the trust-anchors.conf says trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D Jun 28 10:11:54 router daemon.info dnsmasq[9632]: started, version 2.76 cachesize 4096 Jun 28 10:11:54 router daemon.info dnsmasq[9632]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper a uth DNSSEC loop-detect no-inotify Jun 28 10:11:54 router daemon.info dnsmasq[9632]: DNSSEC validation enabled Jun 28 10:11:54 router daemon.info dnsmasq[9632]: asynchronous logging enabled, queue limit is 5 messages Jun 28 10:11:54 router daemon.info dnsmasq-dhcp[9632]: DHCP, IP range 192.168.42.20 -- 192.168.42.254, lease time 1d Jun 28 10:11:54 router daemon.info dnsmasq[9632]: reading /etc/resolv.dnsmasq Jun 28 10:11:54 router daemon.info dnsmasq[9632]: using nameserver 8.8.8.8#53 Jun 28 10:11:54 router daemon.info dnsmasq[9632]: using nameserver 8.8.4.4#53 Jun 28 10:11:54 router daemon.info dnsmasq[9632]: read /etc/hosts - 2 addresses Jun 28 10:11:54 router daemon.info dnsmasq[9632]: read /etc/dnsmasq/hosts/hosts - 12 addresses Jun 28 10:11:54 router daemon.info dnsmasq-dhcp[9632]: read /etc/dnsmasq/dhcp/dhcp-hosts Is there anything else I can check? Thanks Hamish ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss