Discussion:
[Dnsmasq-discuss] DNSSEC failure after some time
Hamish Moffatt
2017-06-28 01:25:41 UTC
Permalink
I've recently enabled DNSSEC on dnsmasq, and signed a zone that I work
with a lot.

It works for a while (dig shows the AD (authentic data) flag on signed
zones), but after about a week, I start getting lookup failures for that
zone until I restart dnsmasq. Then it works for another week. The DNSSEC
verifier at https://dnssec-debugger.verisignlabs.com/ says the domain is
fine.

There's nothing in the log file, though I am not logging all queries.


I have version 2.75. It's baked into my router firmware (Tomato Shibby)
so I can't easily try the very latest. The DNSSEC-related part of my
config is

dnssec

conf-file=/etc/trust-anchors.conf


And the trust-anchors.conf says

trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D



Jun 28 10:11:54 router daemon.info dnsmasq[9632]: started, version 2.76
cachesize 4096
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: compile time options:
IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP
no-conntrack ipset Tomato-helper a
uth DNSSEC loop-detect no-inotify
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: DNSSEC validation enabled
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: asynchronous logging
enabled, queue limit is 5 messages
Jun 28 10:11:54 router daemon.info dnsmasq-dhcp[9632]: DHCP, IP range
192.168.42.20 -- 192.168.42.254, lease time 1d
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: reading
/etc/resolv.dnsmasq
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: using nameserver
8.8.8.8#53
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: using nameserver
8.8.4.4#53
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: read /etc/hosts - 2
addresses
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: read
/etc/dnsmasq/hosts/hosts - 12 addresses
Jun 28 10:11:54 router daemon.info dnsmasq-dhcp[9632]: read
/etc/dnsmasq/dhcp/dhcp-hosts


Is there anything else I can check?



Thanks


Hamish
Simon Kelley
2017-06-28 21:05:51 UTC
Permalink
Post by Hamish Moffatt
I've recently enabled DNSSEC on dnsmasq, and signed a zone that I work
with a lot.
It works for a while (dig shows the AD (authentic data) flag on signed
zones), but after about a week, I start getting lookup failures for that
zone until I restart dnsmasq. Then it works for another week. The DNSSEC
verifier at https://dnssec-debugger.verisignlabs.com/ says the domain is
fine.
There's nothing in the log file, though I am not logging all queries.
I have version 2.75. It's baked into my router firmware (Tomato Shibby)
so I can't easily try the very latest. The DNSSEC-related part of my
config is
dnssec
conf-file=/etc/trust-anchors.conf
And the trust-anchors.conf says
trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: started, version 2.76
cachesize 4096
IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP
no-conntrack ipset Tomato-helper a
uth DNSSEC loop-detect no-inotify
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: DNSSEC validation enabled
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: asynchronous logging
enabled, queue limit is 5 messages
Jun 28 10:11:54 router daemon.info dnsmasq-dhcp[9632]: DHCP, IP range
192.168.42.20 -- 192.168.42.254, lease time 1d
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: reading
/etc/resolv.dnsmasq
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: using nameserver
8.8.8.8#53
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: using nameserver
8.8.4.4#53
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: read /etc/hosts - 2
addresses
Jun 28 10:11:54 router daemon.info dnsmasq[9632]: read
/etc/dnsmasq/hosts/hosts - 12 addresses
Jun 28 10:11:54 router daemon.info dnsmasq-dhcp[9632]: read
/etc/dnsmasq/dhcp/dhcp-hosts
Your text says 2.75, but the log says 2.76. There's a significant
difference between the two in DNSSEC code.

First thing to do is to turn on --log-queries and arrange for the (quite
large) logs to go somewhere safe, if the router has limited storage.
That should give you information about why the validation is failing.



Cheers,

Simon.
Hamish Moffatt
2017-06-28 23:42:00 UTC
Permalink
Post by Simon Kelley
Your text says 2.75, but the log says 2.76. There's a significant
difference between the two in DNSSEC code.
First thing to do is to turn on --log-queries and arrange for the (quite
large) logs to go somewhere safe, if the router has limited storage.
That should give you information about why the validation is failing.
I meant 2.76. I will start logging and report back if I see the failure
again (but two weeks in a row now).

thanks
Hamish
Hamish Moffatt
2017-07-03 08:35:14 UTC
Permalink
Post by Hamish Moffatt
Post by Simon Kelley
Your text says 2.75, but the log says 2.76. There's a significant
difference between the two in DNSSEC code.
First thing to do is to turn on --log-queries and arrange for the (quite
large) logs to go somewhere safe, if the router has limited storage.
That should give you information about why the validation is failing.
I meant 2.76. I will start logging and report back if I see the
failure again (but two weeks in a row now).
This just happened again. Here are the logs from a couple of DNS lookups
after it failed. I redacted the hostnames and IPs, hope it still makes
sense.


ul 3 16:58:36 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:36 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2
Jul 3 16:58:37 router daemon.info dnsmasq[11219]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: validation
foo2.foo.com is ABANDONED
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: validation
foo2.foo.com is ABANDONED
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A]
foo2.foo.com.cloud.net.au from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com.cloud.net.au to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: validation result is
INSECURE
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply
foo2.foo.com.cloud.net.au is NXDOMAIN

Jul 3 17:00:48 router daemon.info dnsmasq[11425]: dnssec-query[DNSKEY]
foo.com to 8.8.8.8
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: validation
dev.foo.com is ABANDONED
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply dev.foo.com is
<CNAME>
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply
office-gw.foo.com.au is 1.1.1.1
Jul 3 17:00:48 router daemon.info dnsmasq[10149]: query[A]
dev.foo.com.cloud.net.au from 192.168.42.2
Jul 3 17:00:48 router daemon.info dnsmasq[10149]: cached
dev.foo.com.cloud.net.au is NXDOMAIN
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: query[A]
docs.google.com from 192.168.42.2
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: forwarded
docs.google.com to 8.8.8.8
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: validation result is
INSECURE
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: reply docs.google.com
is 216.58.200.110
Jul 3 17:01:02 router daemon.info dnsmasq[10149]: query[A] foo1.foo.com
from 192.168.42.2
Jul 3 17:01:02 router daemon.info dnsmasq[10149]: forwarded
foo1.foo.com to 8.8.8.8
Jul 3 17:01:02 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.8.8
Jul 3 17:01:03 router daemon.info dnsmasq[10149]: reply foo1.foo.com is
2.2.2.2
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: query[A] foo1.foo.com
from 192.168.42.2
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: forwarded
foo1.foo.com to 8.8.8.8
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: dnssec-query[DNSKEY]
foo.com to 8.8.8.8
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: validation
foo1.foo.com is ABANDONED
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: reply foo1.foo.com is
2.2.2.2


Hamish
Hamish Moffatt
2017-07-04 07:20:32 UTC
Permalink
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: validation
foo2.foo.com is ABANDONED
Now I have this again 24 hours later, and I also have some saying
validation foo2.foo.com is BOGUS



Hamish
Simon Kelley
2017-07-07 22:36:01 UTC
Permalink
Clue: these failures are happening with DNS queries sent over TCP (The
PIDS tell the story, 10149 is the main daemon, and 11219, 11220 are
child processes handling TCP connections.)

I think this is fixed in 2.77 by

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=361dfe515879b5adabf3702b8be692c4fb6bf3a7

Is there any way you could upgrade to 2.77?


Cheers,

Simon.
Post by Hamish Moffatt
Post by Hamish Moffatt
Post by Simon Kelley
Your text says 2.75, but the log says 2.76. There's a significant
difference between the two in DNSSEC code.
First thing to do is to turn on --log-queries and arrange for the (quite
large) logs to go somewhere safe, if the router has limited storage.
That should give you information about why the validation is failing.
I meant 2.76. I will start logging and report back if I see the
failure again (but two weeks in a row now).
This just happened again. Here are the logs from a couple of DNS lookups
after it failed. I redacted the hostnames and IPs, hope it still makes
sense.
ul 3 16:58:36 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:36 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2
Jul 3 16:58:37 router daemon.info dnsmasq[11219]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: validation
foo2.foo.com is ABANDONED
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: validation
foo2.foo.com is ABANDONED
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A]
foo2.foo.com.cloud.net.au from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com.cloud.net.au to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: validation result is
INSECURE
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply
foo2.foo.com.cloud.net.au is NXDOMAIN
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: dnssec-query[DNSKEY]
foo.com to 8.8.8.8
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: validation
dev.foo.com is ABANDONED
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply dev.foo.com is
<CNAME>
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply
office-gw.foo.com.au is 1.1.1.1
Jul 3 17:00:48 router daemon.info dnsmasq[10149]: query[A]
dev.foo.com.cloud.net.au from 192.168.42.2
Jul 3 17:00:48 router daemon.info dnsmasq[10149]: cached
dev.foo.com.cloud.net.au is NXDOMAIN
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: query[A]
docs.google.com from 192.168.42.2
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: forwarded
docs.google.com to 8.8.8.8
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: validation result is
INSECURE
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: reply docs.google.com
is 216.58.200.110
Jul 3 17:01:02 router daemon.info dnsmasq[10149]: query[A] foo1.foo.com
from 192.168.42.2
Jul 3 17:01:02 router daemon.info dnsmasq[10149]: forwarded
foo1.foo.com to 8.8.8.8
Jul 3 17:01:02 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.8.8
Jul 3 17:01:03 router daemon.info dnsmasq[10149]: reply foo1.foo.com is
2.2.2.2
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: query[A] foo1.foo.com
from 192.168.42.2
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: forwarded
foo1.foo.com to 8.8.8.8
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: dnssec-query[DNSKEY]
foo.com to 8.8.8.8
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: validation
foo1.foo.com is ABANDONED
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: reply foo1.foo.com is
2.2.2.2
Hamish
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Simon Kelley
2017-07-07 22:38:07 UTC
Permalink
Also, insure that TCP connections to 8.8.8.8 and 8.8.4.4 are not being
blocked in your firewall.

Cheers,

Simon.
Post by Hamish Moffatt
Post by Hamish Moffatt
Post by Simon Kelley
Your text says 2.75, but the log says 2.76. There's a significant
difference between the two in DNSSEC code.
First thing to do is to turn on --log-queries and arrange for the (quite
large) logs to go somewhere safe, if the router has limited storage.
That should give you information about why the validation is failing.
I meant 2.76. I will start logging and report back if I see the
failure again (but two weeks in a row now).
This just happened again. Here are the logs from a couple of DNS lookups
after it failed. I redacted the hostnames and IPs, hope it still makes
sense.
ul 3 16:58:36 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:36 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:37 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2
Jul 3 16:58:37 router daemon.info dnsmasq[11219]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: validation
foo2.foo.com is ABANDONED
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[11219]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: query[A] foo2.foo.com
from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: forwarded
foo2.foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: dnssec-query[DNSKEY]
foo.com to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: validation
foo2.foo.com is ABANDONED
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo2.foo.com is
<CNAME>
Jul 3 16:58:38 router daemon.info dnsmasq[11220]: reply foo.com is 2.2.2.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: query[A]
foo2.foo.com.cloud.net.au from 192.168.42.2
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: forwarded
foo2.foo.com.cloud.net.au to 8.8.4.4
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: validation result is
INSECURE
Jul 3 16:58:38 router daemon.info dnsmasq[10149]: reply
foo2.foo.com.cloud.net.au is NXDOMAIN
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: dnssec-query[DNSKEY]
foo.com to 8.8.8.8
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: validation
dev.foo.com is ABANDONED
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply dev.foo.com is
<CNAME>
Jul 3 17:00:48 router daemon.info dnsmasq[11425]: reply
office-gw.foo.com.au is 1.1.1.1
Jul 3 17:00:48 router daemon.info dnsmasq[10149]: query[A]
dev.foo.com.cloud.net.au from 192.168.42.2
Jul 3 17:00:48 router daemon.info dnsmasq[10149]: cached
dev.foo.com.cloud.net.au is NXDOMAIN
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: query[A]
docs.google.com from 192.168.42.2
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: forwarded
docs.google.com to 8.8.8.8
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: validation result is
INSECURE
Jul 3 17:00:53 router daemon.info dnsmasq[10149]: reply docs.google.com
is 216.58.200.110
Jul 3 17:01:02 router daemon.info dnsmasq[10149]: query[A] foo1.foo.com
from 192.168.42.2
Jul 3 17:01:02 router daemon.info dnsmasq[10149]: forwarded
foo1.foo.com to 8.8.8.8
Jul 3 17:01:02 router daemon.info dnsmasq[10149]: dnssec-query[DNSKEY]
foo.com to 8.8.8.8
Jul 3 17:01:03 router daemon.info dnsmasq[10149]: reply foo1.foo.com is
2.2.2.2
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: query[A] foo1.foo.com
from 192.168.42.2
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: forwarded
foo1.foo.com to 8.8.8.8
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: dnssec-query[DNSKEY]
foo.com to 8.8.8.8
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: validation
foo1.foo.com is ABANDONED
Jul 3 17:01:03 router daemon.info dnsmasq[11427]: reply foo1.foo.com is
2.2.2.2
Hamish
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Loading...