Re: [Dnsmasq-discuss] DNSSEC validation failing on Cloudflare test domain

2019-07-18 Thread Simon Kelley
On 18/07/2019 10:57, Hamish Moffatt wrote: > Yes it does work with 8.8.8.8. > > It works if I query 1.1.1.1 directly with dig though, or use proxy-dnssec. The problem is not the answer to the query, it's that for dnsmasq to validate the answer, it has to make a set of further queries, and

Re: [Dnsmasq-discuss] DNSSEC validation failing on Cloudflare test domain

2019-07-17 Thread Hamish Moffatt
It looks like it's the same. I can't query the www.vp4.navy.mil site listed in that other report with validation enabled either. dnsmasq[14688]: 323 192.168.42.2/60372 query[A] www.vp4.navy.mil from 192.168.42.2 dnsmasq[14688]: 323 192.168.42.2/60372 forwarded www.vp4.navy.mil to 1.1.1.1

Re: [Dnsmasq-discuss] DNSSEC validation failing on Cloudflare test domain

2019-07-17 Thread Simon Kelley
I'm not in a position to look at this for a few days, but in the meantime, http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012910.html discusses a situation which looks, at least superficially, similar. It might be worth turning on DNS logging and seeing if the similarity goes