On 18/07/2019 10:57, Hamish Moffatt wrote:
> Yes it does work with 8.8.8.8.
>
> It works if I query 1.1.1.1 directly with dig though, or use proxy-dnssec.
The problem is not the answer to the query, it's that for dnsmasq to
validate the answer, it has to make a set of further queries, and
It looks like it's the same. I can't query the www.vp4.navy.mil site
listed in that other report with validation enabled either.
dnsmasq[14688]: 323 192.168.42.2/60372 query[A] www.vp4.navy.mil from
192.168.42.2
dnsmasq[14688]: 323 192.168.42.2/60372 forwarded www.vp4.navy.mil to 1.1.1.1
I'm not in a position to look at this for a few days, but in the meantime,
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012910.html
discusses a situation which looks, at least superficially, similar. It
might be worth turning on DNS logging and seeing if the similarity goes